Page 4 of 51 results (0.001 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-36308

https://notcve.org/view.php?id=CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, permite a atacantes detectar el tema de un problema no visible al llevar a cabo una exportación CSV y leer las entradas de tiempo • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-25026

https://notcve.org/view.php?id=CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. Redmine versiones anteriores a 3.4.13 y versiones 4.x anteriores a 4.0.6, maneja inapropiadamente unos datos de marcado durante el formateo de Textile • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-30164

https://notcve.org/view.php?id=CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. Redmine versiones anteriores a 4.0.8 y versiones 4.1.x anteriores a 4.1.2, permite a atacantes omitir el requisito de permiso add_issue_notes al aprovechar la API Issues • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-29274

https://notcve.org/view.php?id=CVE-2021-29274

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip. Redmine versiones 4.1.x anteriores a 4.1.2, permite un ataque de tipo XSS porque el tema de un problema es manejado inapropiadamente en la sugerencia de autocompletar • https://www.redmine.org/issues/33846 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2019-18890

https://notcve.org/view.php?id=CVE-2019-18890

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. Una vulnerabilidad de inyección SQL en Redmine versiones hasta 3.2.9 y versiones 3.3.x anteriores a 3.3.10, permite a usuarios de Redmine acceder a información protegida por medio de una consulta de objeto diseñada. • https://github.com/RealLinkers/CVE-2019-18890 https://seclists.org/bugtraq/2019/Nov/31 https://security-tracker.debian.org/tracker/CVE-2019-18890 https://usn.ubuntu.com/4200-1 https://www.debian.org/security/2019/dsa-4574 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •