Vulnerabilities > Debian > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-04-28 | CVE-2021-31865 | | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | redmine, debian | | network, low complexity, 5.0 |
| 2021-04-28 | CVE-2021-31864 | | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. | redmine, debian | | network, low complexity, 5.0 |
| 2021-04-28 | CVE-2021-31863 | Improper Input Validation vulnerability in multiple products | Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process. | redmine, debian | CWE-20 | network, low complexity, 5.0 |
| 2021-04-27 | CVE-2019-25031 | Injection vulnerability in multiple products | Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. | nlnetlabs, debian | CWE-74 | network, high complexity, 5.9 |
| 2021-04-26 | CVE-2021-21218 | Use of Uninitialized Resource vulnerability in multiple products | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | google, debian, fedoraproject | CWE-908 | local, low complexity, 5.5 |
| 2021-04-26 | CVE-2021-21211 | Origin Validation Error vulnerability in multiple products | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | google, debian, fedoraproject | CWE-346 | network, low complexity, 6.5 |
| 2021-04-26 | CVE-2021-21209 | Origin Validation Error vulnerability in multiple products | Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | google, debian, fedoraproject | CWE-346 | network, low complexity, 6.5 |
| 2021-04-26 | CVE-2021-21219 | Unchecked Return Value vulnerability in multiple products | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | google, debian, fedoraproject | CWE-252 | local, low complexity, 5.5 |
| 2021-04-26 | CVE-2021-21217 | Unchecked Return Value vulnerability in multiple products | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | google, debian, fedoraproject | CWE-252 | local, low complexity, 5.5 |
| 2021-04-26 | CVE-2021-21212 | | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | google, debian, fedoraproject | | network, low complexity, 6.5 |