Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-11 CVE-2021-30485 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in libezxml.a in ezXML 0.8.6.
4.3
2021-04-09 CVE-2021-30159 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject
4.3
2021-04-09 CVE-2021-30155 Missing Authorization vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-862
4.3
2021-04-09 CVE-2021-30152 Improper Privilege Management vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-269
4.3
2021-04-08 CVE-2021-3482 Out-of-bounds Write vulnerability in multiple products
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1.
network
low complexity
exiv2 redhat fedoraproject debian CWE-787
6.5
2021-04-08 CVE-2021-1405 Missing Initialization of Resource vulnerability in multiple products
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav debian CWE-909
5.0
2021-04-06 CVE-2021-28658 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names.
network
low complexity
djangoproject debian fedoraproject CWE-22
5.3
2021-04-06 CVE-2021-30163 Information Exposure vulnerability in multiple products
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
network
low complexity
redmine debian CWE-200
5.0
2021-04-06 CVE-2020-36308 Injection vulnerability in multiple products
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
network
low complexity
redmine debian CWE-74
5.0
2021-04-06 CVE-2020-36307 Cross-site Scripting vulnerability in multiple products
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
4.3