Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Redmine Subscribe
Filtered by product Redmine
Total 47 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8537 2 Debian, Redmine 2 Debian Linux, Redmine 2016-04-20 5.0 MEDIUM 5.3 MEDIUM
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
CVE-2015-8473 2 Debian, Redmine 2 Debian Linux, Redmine 2016-04-20 4.0 MEDIUM 4.3 MEDIUM
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
CVE-2012-0327 1 Redmine 1 Redmine 2012-10-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4927 1 Redmine 1 Redmine 2012-10-08 4.0 MEDIUM N/A
Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2011-4928 1 Redmine 1 Redmine 2012-10-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4929 1 Redmine 1 Redmine 2012-10-08 7.5 HIGH N/A
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2012-2054 1 Redmine 1 Redmine 2012-04-05 5.0 MEDIUM N/A
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.