Page 3 of 51 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-31865

https://notcve.org/view.php?id=CVE-2021-31865

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. Redmine versiones anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.3 y versiones 4.2.x anteriores a 4.2.1, permite a usuarios omitir unas extensiones de nombre de archivo permitidas de archivos adjuntos cargados • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/news/131 https://www.redmine.org/projects/redmine/wiki/Security_Advisories •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-31866

https://notcve.org/view.php?id=CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. Redmine versiones anteriores a 4.0.9 y versiones 4.1.x anteriores a 4.1.3, permite a un atacante aprender los valores de las claves de autenticación internas al observar las diferencias de tiempo en las operaciones de comparación de cadenas dentro de las funciones SysController y MailHandlerController • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/news/131 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-30163

https://notcve.org/view.php?id=CVE-2021-30163

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. Redmine versiones anteriores a 4.0.8 y versiones 4.1.x anteriores a 4.1.2, permite a atacantes detectar los nombres de proyectos privados si se presentan detalles del diario de problemas que poseen cambios en unos valores de project_id • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-36306

https://notcve.org/view.php?id=CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, presenta un ataque de tipo XSS por medio del campo back_url • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-36307

https://notcve.org/view.php?id=CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, presenta un ataque de tipo XSS almacenado por medio de enlaces en línea de textile • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •