Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/redmine@3.4.2-1?distro=trixie

Type deb

Namespace debian

Name redmine

Version 3.4.2-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.4.4-1

Latest_non_vulnerable_version 6.0.6+ds-6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2m9j-vjy9-k7es

vulnerability_id VCID-2m9j-vjy9-k7es

summary In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16804

reference_id

reference_type

scores

value	0.00345
scoring_system	epss
scoring_elements	0.57319
published_at	2026-06-04T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57371
published_at	2026-06-05T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.5738
published_at	2026-06-06T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57369
published_at	2026-06-07T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57356
published_at	2026-06-08T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57372
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2017-16804

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m9j-vjy9-k7es

url VCID-5qgn-r984-wfbk

vulnerability_id VCID-5qgn-r984-wfbk

summary Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15576

reference_id

reference_type

scores

value	0.00537
scoring_system	epss
scoring_elements	0.67868
published_at	2026-06-04T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67908
published_at	2026-06-05T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67914
published_at	2026-06-06T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67904
published_at	2026-06-07T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67891
published_at	2026-06-08T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67907
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2017-15576

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qgn-r984-wfbk

url VCID-76pd-d4ks-xye9

vulnerability_id VCID-76pd-d4ks-xye9

summary In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15574

reference_id

reference_type

scores

value	0.00381
scoring_system	epss
scoring_elements	0.5982
published_at	2026-06-04T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.5987
published_at	2026-06-05T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59873
published_at	2026-06-06T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59864
published_at	2026-06-07T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59845
published_at	2026-06-08T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59863
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2017-15574

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76pd-d4ks-xye9

url VCID-bv1p-gbz8-bkdg

vulnerability_id VCID-bv1p-gbz8-bkdg

summary In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15573

reference_id

reference_type

scores

value	0.00381
scoring_system	epss
scoring_elements	0.5982
published_at	2026-06-04T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.5987
published_at	2026-06-05T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59873
published_at	2026-06-06T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59864
published_at	2026-06-07T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59845
published_at	2026-06-08T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59863
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2017-15573

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bv1p-gbz8-bkdg

url VCID-fvyt-5nsx-dye2

vulnerability_id VCID-fvyt-5nsx-dye2

summary Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15577

reference_id

reference_type

scores

value	0.00537
scoring_system	epss
scoring_elements	0.67868
published_at	2026-06-04T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67908
published_at	2026-06-05T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67914
published_at	2026-06-06T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67904
published_at	2026-06-07T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67891
published_at	2026-06-08T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67907
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2017-15577

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvyt-5nsx-dye2

url VCID-n5es-2416-uqe3

vulnerability_id VCID-n5es-2416-uqe3

summary A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18890

reference_id

reference_type

scores

value	0.27968
scoring_system	epss
scoring_elements	0.9656
published_at	2026-06-04T12:55:00Z

value	0.27968
scoring_system	epss
scoring_elements	0.96563
published_at	2026-06-05T12:55:00Z

value	0.27968
scoring_system	epss
scoring_elements	0.96567
published_at	2026-06-06T12:55:00Z

value	0.27968
scoring_system	epss
scoring_elements	0.96569
published_at	2026-06-08T12:55:00Z

value	0.27968
scoring_system	epss
scoring_elements	0.96574
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18890

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890

reference_url	https://usn.ubuntu.com/4200-1/
reference_id	USN-4200-1
reference_type
scores
url	https://usn.ubuntu.com/4200-1/

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2019-18890

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5es-2416-uqe3

url VCID-sfme-v8hq-xybk

vulnerability_id VCID-sfme-v8hq-xybk

summary In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15575

reference_id

reference_type

scores

value	0.00717
scoring_system	epss
scoring_elements	0.72773
published_at	2026-06-04T12:55:00Z

value	0.00717
scoring_system	epss
scoring_elements	0.72812
published_at	2026-06-05T12:55:00Z

value	0.00717
scoring_system	epss
scoring_elements	0.7282
published_at	2026-06-06T12:55:00Z

value	0.00717
scoring_system	epss
scoring_elements	0.72802
published_at	2026-06-07T12:55:00Z

value	0.00717
scoring_system	epss
scoring_elements	0.7279
published_at	2026-06-08T12:55:00Z

value	0.00717
scoring_system	epss
scoring_elements	0.72814
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2017-15575

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfme-v8hq-xybk

url VCID-xhxu-jf73-ryb8

vulnerability_id VCID-xhxu-jf73-ryb8

summary In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15572

reference_id

reference_type

scores

value	0.00583
scoring_system	epss
scoring_elements	0.69349
published_at	2026-06-04T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69388
published_at	2026-06-07T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69397
published_at	2026-06-06T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69373
published_at	2026-06-08T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69394
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026

fixed_packages

url	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
purl	pkg:deb/debian/redmine@3.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2017-15572

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhxu-jf73-ryb8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie

Package Instance