CVE-2021-28658
- EPSS 3.87%
- Veröffentlicht 06.04.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:00:02
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
CVE-2021-30130
- EPSS 1.06%
- Veröffentlicht 06.04.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:03:22
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
CVE-2019-25026
- EPSS 0.81%
- Veröffentlicht 06.04.2021 08:15:12
- Zuletzt bearbeitet 21.11.2024 04:39:46
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
CVE-2020-36306
- EPSS 0.74%
- Veröffentlicht 06.04.2021 08:15:12
- Zuletzt bearbeitet 21.11.2024 05:29:13
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
CVE-2020-36307
- EPSS 0.7%
- Veröffentlicht 06.04.2021 08:15:12
- Zuletzt bearbeitet 21.11.2024 05:29:13
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
CVE-2020-36308
- EPSS 0.97%
- Veröffentlicht 06.04.2021 08:15:12
- Zuletzt bearbeitet 21.11.2024 05:29:14
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
CVE-2021-30163
- EPSS 1.16%
- Veröffentlicht 06.04.2021 08:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:25
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
CVE-2021-30164
- EPSS 1.32%
- Veröffentlicht 06.04.2021 08:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:26
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVE-2021-30154
- EPSS 1.31%
- Veröffentlicht 06.04.2021 07:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.
CVE-2021-30157
- EPSS 1.41%
- Veröffentlicht 06.04.2021 07:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:25
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped,...