Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-06 | CVE-2020-36306 | Cross-site Scripting vulnerability in multiple products Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | 4.3 |
| 2021-04-06 | CVE-2019-25026 | Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | 5.0 |
| 2021-04-06 | CVE-2021-30158 | Improper Authentication vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 5.3 |
| 2021-04-06 | CVE-2021-30157 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 6.1 |
| 2021-04-06 | CVE-2021-30154 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 6.1 |
| 2021-04-06 | CVE-2021-30151 | Cross-site Scripting vulnerability in multiple products Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | 6.1 |
| 2021-04-02 | CVE-2020-10001 | Improper Input Validation vulnerability in multiple products An input validation issue was addressed with improved memory handling. | 4.3 |
| 2021-04-01 | CVE-2021-22876 | Information Exposure vulnerability in multiple products curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. | 5.3 |
| 2021-04-01 | CVE-2021-20296 | NULL Pointer Dereference vulnerability in multiple products A flaw was found in OpenEXR in versions before 3.0.0-beta. | 5.3 |
| 2021-03-31 | CVE-2021-3479 | Resource Exhaustion vulnerability in multiple products There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. | 5.5 |