Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2020-36306 Cross-site Scripting vulnerability in multiple products
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
4.3

2021-04-06 CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
network
low complexity
redmine debian
5.0

2021-04-06 CVE-2021-30158 Improper Authentication vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-287
5.3

2021-04-06 CVE-2021-30157 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1

2021-04-06 CVE-2021-30154 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1

2021-04-06 CVE-2021-30151 Cross-site Scripting vulnerability in multiple products
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
network
low complexity
contribsys debian CWE-79
6.1

2021-04-02 CVE-2020-10001 Improper Input Validation vulnerability in multiple products
An input validation issue was addressed with improved memory handling.
network
apple debian CWE-20
4.3

2021-04-01 CVE-2021-22876 Information Exposure vulnerability in multiple products
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header.
5.3

2021-04-01 CVE-2021-20296 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in OpenEXR in versions before 3.0.0-beta.
network
low complexity
openexr debian CWE-476
5.3

2021-03-31 CVE-2021-3479 Resource Exhaustion vulnerability in multiple products
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta.
local
low complexity
openexr debian CWE-400
5.5