Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...

EUVD-2015-8355

Malware in sbrugna...

EUVD-2021-17100

Malware in sbrugna...

CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

BIT-REDMINE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...

Access Restriction Bypass

Redmine is vulnerable to access restriction bypass. It allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

Unspecified Vulnerability in Redmine

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A security vulnerability exists in Redmine before 4.0.8 and 4.1.x before 4.1.2 that allows an attack...

CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

DEBIAN-CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

Authentication flaw

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

UBUNTU-CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the addissuenotes permission requirement by leveraging the Issues API...

Redmine 安全漏洞

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A security vulnerability exists in Redmine before 4.0.8 and 4.1.x before 4.1.2 that allows an attack...

CVE-2015-8473

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects...

UBUNTU-CVE-2015-8473

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects...

Design/Logic Flaw

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects...

CVE-2015-8473

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects...

redmine -- multiple vulnerabilities

Redmine reports: Potential changeset message disclosure in issues API. Data disclosure on the time logging form...