Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/937661?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "type": "deb", "namespace": "debian", "name": "redmine", "version": "6.0.6+ds-6", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250264?format=api", "vulnerability_id": "VCID-1fe1-sdn1-jfcw", "summary": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44102", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44212", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44302", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44235", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44288", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44292", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4431", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44278", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44335", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44326", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44255", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44176", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44179", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44096", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.43974", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44051", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44067", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44005", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44034", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31864" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792", "reference_id": "990792", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792" }, { "reference_url": "https://security.archlinux.org/ASA-202105-1", "reference_id": "ASA-202105-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-1" }, { "reference_url": "https://security.archlinux.org/AVG-1743", "reference_id": "AVG-1743", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937676?format=api", "purl": "pkg:deb/debian/redmine@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31864" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fe1-sdn1-jfcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131449?format=api", "vulnerability_id": "VCID-26sk-sat8-gbfq", "summary": "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.5098", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51033", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51058", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51015", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51072", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51069", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51092", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51076", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.5112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51097", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51046", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51053", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51013", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.50946", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.50997", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51028", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.50985", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4459" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563940", "reference_id": "563940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563940" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937663?format=api", "purl": "pkg:deb/debian/redmine@0.9.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0.9.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-4459" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26sk-sat8-gbfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69639?format=api", "vulnerability_id": "VCID-2fwd-ykd8-bbge", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66887", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66823", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66626", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66693", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66665", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6673", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66707", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6674", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66754", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66739", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66763", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66776", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66774", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66744", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66789", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66829", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66803", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/27186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/27186" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882548", "reference_id": "882548", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882548" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15571", "reference_id": "CVE-2017-15571", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15571" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937670?format=api", "purl": "pkg:deb/debian/redmine@3.4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15571" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fwd-ykd8-bbge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147591?format=api", "vulnerability_id": "VCID-2k56-5ddy-qqdf", "summary": "Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82808", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82822", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82843", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82849", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82865", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.8286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82856", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82895", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82894", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82897", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82918", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82927", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82932", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82953", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82973", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.82994", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.83009", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01817", "scoring_system": "epss", "scoring_elements": "0.83045", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1985" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743828", "reference_id": "743828", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743828" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937666?format=api", "purl": "pkg:deb/debian/redmine@2.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@2.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-1985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2k56-5ddy-qqdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79258?format=api", "vulnerability_id": "VCID-2mcw-11ja-gfbm", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.83079", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.83042", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82825", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82841", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82854", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82851", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82876", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82883", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82899", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82894", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82889", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82932", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82952", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82962", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82966", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.82987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.83007", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.83028", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01826", "scoring_system": "epss", "scoring_elements": "0.83027", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890" }, { "reference_url": "https://github.com/RealLinkers/CVE-2019-17427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/RealLinkers/CVE-2019-17427" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/31", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17427", "reference_id": "CVE-2019-17427", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17427" }, { "reference_url": "https://usn.ubuntu.com/4200-1/", "reference_id": "USN-4200-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4200-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937672?format=api", "purl": "pkg:deb/debian/redmine@4.0.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-17427" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mcw-11ja-gfbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/328867?format=api", "vulnerability_id": "VCID-3xup-fkaz-e7hu", "summary": "A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40012", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39945", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39923", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40016", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40002", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40336", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39933", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4007", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4015", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40163", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40242", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40318", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4035", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40303", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40323", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4036", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40349", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40286", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4011" }, { "reference_url": "https://www.redmine.org/versions/206", "reference_id": "206", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/" } ], "url": "https://www.redmine.org/versions/206" }, { "reference_url": "https://www.redmine.org/issues/42238", "reference_id": "42238", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/" } ], "url": "https://www.redmine.org/issues/42238" }, { "reference_url": "https://vuldb.com/?ctiid.306364", "reference_id": "?ctiid.306364", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/" } ], "url": "https://vuldb.com/?ctiid.306364" }, { "reference_url": "https://vuldb.com/?id.306364", "reference_id": "?id.306364", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/" } ], "url": "https://vuldb.com/?id.306364" }, { "reference_url": "https://vuldb.com/?submit.558240", "reference_id": "?submit.558240", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/" } ], "url": "https://vuldb.com/?submit.558240" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937675?format=api", "purl": "pkg:deb/debian/redmine@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937679?format=api", "purl": "pkg:deb/debian/redmine@6.0.4%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.4%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4011" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xup-fkaz-e7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201902?format=api", "vulnerability_id": "VCID-47ng-dbbf-m7h3", "summary": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62777", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62835", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62865", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62828", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.6288", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62896", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62914", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62881", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62922", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.6293", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62909", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62945", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.629", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62946", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62999", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62957", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62985", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63042", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937673?format=api", "purl": "pkg:deb/debian/redmine@4.0.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-25026" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47ng-dbbf-m7h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138459?format=api", "vulnerability_id": "VCID-5gc4-5aez-q3b4", "summary": "Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45055", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45084", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45165", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45184", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45205", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45172", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45226", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4522", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45033", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.44928", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.44995", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45012", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.44954", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4498", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4927" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/01/06/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/01/06/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "reference_url": "http://www.redmine.org/news/49", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redmine.org/news/49" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397", "reference_id": "608397", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4927", "reference_id": "CVE-2011-4927", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4927" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937664?format=api", "purl": "pkg:deb/debian/redmine@1.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4927" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5gc4-5aez-q3b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/281651?format=api", "vulnerability_id": "VCID-5j9e-c844-zuh1", "summary": "Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57533", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57493", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57442", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57467", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57447", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.575", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57519", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57497", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57478", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57505", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57501", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.5748", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57438", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57457", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57436", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57387", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.5743", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44030" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048", "reference_id": "1026048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048" }, { "reference_url": "https://www.redmine.org/news/139", "reference_id": "139", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T16:15:17Z/" } ], "url": "https://www.redmine.org/news/139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937677?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-44030" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5j9e-c844-zuh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302720?format=api", "vulnerability_id": "VCID-65km-m9kb-m3d3", "summary": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61761", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61578", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61607", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61626", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61662", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61651", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61631", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61673", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61663", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61656", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61672", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61666", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61611", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.6166", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61723", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61679", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61708", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47258" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474", "reference_id": "1055474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937678?format=api", "purl": "pkg:deb/debian/redmine@5.1.3%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.1.3%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-47258" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65km-m9kb-m3d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69636?format=api", "vulnerability_id": "VCID-6p27-dume-v7gu", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6278", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62723", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62524", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62582", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62614", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6263", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62646", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62664", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62652", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62629", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62679", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62661", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62674", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6269", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62687", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62638", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62686", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62738", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62697", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/27186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/27186" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882544", "reference_id": "882544", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882544" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15568", "reference_id": "CVE-2017-15568", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15568" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937670?format=api", "purl": "pkg:deb/debian/redmine@3.4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15568" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6p27-dume-v7gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69642?format=api", "vulnerability_id": "VCID-6zc2-q7mb-fbf7", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59652", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59582", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59414", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59486", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59512", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59479", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.5953", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59542", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59561", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59545", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59568", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59548", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59521", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59541", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59528", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.5949", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59538", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59596", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59554", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/24199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/24199" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15574", "reference_id": "CVE-2017-15574", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15574" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15574" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6zc2-q7mb-fbf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250267?format=api", "vulnerability_id": "VCID-7nsr-5xpe-vke4", "summary": "Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63446", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63196", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63255", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63284", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63249", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.633", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63319", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63327", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63306", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63325", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63338", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63336", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63308", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63352", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63405", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63366", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63392", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31866" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792", "reference_id": "990792", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792" }, { "reference_url": "https://security.archlinux.org/ASA-202105-1", "reference_id": "ASA-202105-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-1" }, { "reference_url": "https://security.archlinux.org/AVG-1743", "reference_id": "AVG-1743", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937676?format=api", "purl": "pkg:deb/debian/redmine@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31866" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7nsr-5xpe-vke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131163?format=api", "vulnerability_id": "VCID-85ra-prcs-7yh6", "summary": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50282", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50338", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50367", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50369", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50362", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50381", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50412", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50415", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50392", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50339", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50349", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.503", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50222", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50275", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50307", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.5026", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50288", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50363", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4079" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937660?format=api", "purl": "pkg:deb/debian/redmine@0.9.0~svn2902-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0.9.0~svn2902-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-4079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85ra-prcs-7yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/248883?format=api", "vulnerability_id": "VCID-8cvp-423x-qfga", "summary": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43176", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43276", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43333", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43351", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43387", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43355", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4334", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.434", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43389", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43324", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43257", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4326", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43182", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43049", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43127", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43143", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43082", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43113", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30164" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800", "reference_id": "986800", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800" }, { "reference_url": "https://security.archlinux.org/ASA-202105-1", "reference_id": "ASA-202105-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-1" }, { "reference_url": "https://security.archlinux.org/AVG-1743", "reference_id": "AVG-1743", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937676?format=api", "purl": "pkg:deb/debian/redmine@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-30164" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cvp-423x-qfga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81092?format=api", "vulnerability_id": "VCID-8t1e-fc2y-ayck", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64499", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64446", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64239", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64282", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6433", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64345", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64346", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64317", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64362", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64353", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64374", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64387", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64388", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64361", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64406", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64451", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64421", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537" }, { "reference_url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3529", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "reference_url": "http://www.redmine.org/news/103", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redmine.org/news/103" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807826", "reference_id": "807826", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807826" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8537", "reference_id": "CVE-2015-8537", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8537" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937667?format=api", "purl": "pkg:deb/debian/redmine@3.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8537" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8t1e-fc2y-ayck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/281652?format=api", "vulnerability_id": "VCID-8trg-1f24-mff1", "summary": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71501", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71447", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7132", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71304", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7135", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71355", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71334", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71388", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71396", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.714", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71385", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71422", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71457", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71419", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44031" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048", "reference_id": "1026048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937677?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-44031" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8trg-1f24-mff1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140144?format=api", "vulnerability_id": "VCID-9th3-z1tc-k7cf", "summary": "Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50771", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50827", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50811", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50868", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50866", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50907", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50886", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50869", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50913", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50892", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50841", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5085", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5081", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50734", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50787", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50818", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50773", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50804", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50881", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2054" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937665?format=api", "purl": "pkg:deb/debian/redmine@1.3.2%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.3.2%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2054" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9th3-z1tc-k7cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250266?format=api", "vulnerability_id": "VCID-a2t5-u2dx-5fc2", "summary": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60244", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60003", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60081", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60105", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60075", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60125", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6016", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60145", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60128", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60167", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60174", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60133", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60149", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60136", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60093", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6014", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60198", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60156", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60183", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31865" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792", "reference_id": "990792", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792" }, { "reference_url": "https://security.archlinux.org/ASA-202105-1", "reference_id": "ASA-202105-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-1" }, { "reference_url": "https://security.archlinux.org/AVG-1743", "reference_id": "AVG-1743", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937676?format=api", "purl": "pkg:deb/debian/redmine@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31865" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2t5-u2dx-5fc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/228143?format=api", "vulnerability_id": "VCID-b2yh-snxf-6uft", "summary": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56558", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56675", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.5671", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56704", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56702", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56674", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56612", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.5663", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56613", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56568", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56615", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56679", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56629", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56652", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56715", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36307" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937674?format=api", "purl": "pkg:deb/debian/redmine@4.0.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-36307" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2yh-snxf-6uft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69637?format=api", "vulnerability_id": "VCID-bh4v-9j9j-8ya1", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6278", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62723", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62524", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62582", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62614", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6263", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62646", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62664", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62652", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62629", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62679", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62661", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62674", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6269", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62687", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62638", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62686", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62738", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62697", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/27186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/27186" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882545", "reference_id": "882545", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882545" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15569", "reference_id": "CVE-2017-15569", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15569" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937670?format=api", "purl": "pkg:deb/debian/redmine@3.4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15569" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bh4v-9j9j-8ya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138460?format=api", "vulnerability_id": "VCID-bv77-7wru-cygd", "summary": "Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48971", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48889", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48926", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48952", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48906", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.4896", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48958", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48948", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48956", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49002", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48998", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48909", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48826", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48918", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48865", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48895", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4928" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/01/06/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/01/06/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "reference_url": "http://www.redmine.org/news/49", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redmine.org/news/49" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397", "reference_id": "608397", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4928", "reference_id": "CVE-2011-4928", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4928" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937664?format=api", "purl": "pkg:deb/debian/redmine@1.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4928" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bv77-7wru-cygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302721?format=api", "vulnerability_id": "VCID-frcf-zk52-h7ft", "summary": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61761", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61578", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61607", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61626", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61662", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61651", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61631", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61673", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61663", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61656", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61672", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61666", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61611", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.6166", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61723", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61679", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61708", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47259" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474", "reference_id": "1055474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937678?format=api", "purl": "pkg:deb/debian/redmine@5.1.3%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.1.3%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-47259" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frcf-zk52-h7ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69644?format=api", "vulnerability_id": "VCID-gagk-z8js-9kgm", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67693", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67634", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67451", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67487", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67508", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67486", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67552", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67574", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.6756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67527", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67553", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67573", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67583", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67584", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67558", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67601", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67638", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67609", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/23803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/23803" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15576", "reference_id": "CVE-2017-15576", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15576" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15576" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gagk-z8js-9kgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259816?format=api", "vulnerability_id": "VCID-ghu6-c695-rqf9", "summary": "Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.664", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66139", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6618", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66207", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66176", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66224", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66257", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66214", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66249", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66264", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66272", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66286", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66263", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66307", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66349", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66321", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66341", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42326" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998417", "reference_id": "998417", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998417" }, { "reference_url": "https://security.archlinux.org/AVG-2462", "reference_id": "AVG-2462", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2462" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937676?format=api", "purl": "pkg:deb/debian/redmine@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42326" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghu6-c695-rqf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81089?format=api", "vulnerability_id": "VCID-hwb5-sw11-ykcg", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58619", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58547", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58404", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58509", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.5848", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58532", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58539", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58555", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58536", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58516", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58549", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58554", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.585", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58512", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58498", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58464", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58508", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58566", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58519", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537" }, { "reference_url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "reference_url": "https://www.redmine.org/issues/19577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/19577" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3529", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "reference_url": "http://www.redmine.org/news/101", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redmine.org/news/101" }, { "reference_url": "http://www.securityfocus.com/bid/78625", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/78625" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807272", "reference_id": "807272", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807272" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8474", "reference_id": "CVE-2015-8474", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937667?format=api", "purl": "pkg:deb/debian/redmine@3.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8474" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwb5-sw11-ykcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69646?format=api", "vulnerability_id": "VCID-j88j-cdx3-a3ch", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57077", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57052", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.56995", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57089", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57112", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57132", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.5714", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57135", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57114", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57045", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57064", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.56994", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.5704", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57104", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/25713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/25713" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16804", "reference_id": "CVE-2017-16804", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16804" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j88j-cdx3-a3ch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/157653?format=api", "vulnerability_id": "VCID-k8rg-xkps-m3ex", "summary": "Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.6308", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63169", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63133", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.6322", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63204", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63167", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63211", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63191", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63212", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63227", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63226", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63192", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63235", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63288", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63249", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63275", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.6333", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8477" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937668?format=api", "purl": "pkg:deb/debian/redmine@3.0~20140825-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.0~20140825-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rg-xkps-m3ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/281915?format=api", "vulnerability_id": "VCID-kmja-ehjr-e3cx", "summary": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71501", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71447", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7132", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71304", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7135", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71355", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71334", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71388", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71396", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.714", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71385", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71422", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71457", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71419", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44637" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048", "reference_id": "1026048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937677?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-44637" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmja-ehjr-e3cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69641?format=api", "vulnerability_id": "VCID-kx78-85xx-yuav", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59652", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59582", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59414", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59486", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59512", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59479", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.5953", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59542", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59561", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59545", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59568", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59548", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59521", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59541", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59528", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.5949", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59538", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59596", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59554", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/25503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/25503" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15573", "reference_id": "CVE-2017-15573", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15573" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15573" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx78-85xx-yuav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69647?format=api", "vulnerability_id": "VCID-m3kp-h2d7-h3ap", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73266", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.7321", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73038", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73048", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.7308", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73097", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.7309", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73133", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73143", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73135", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73171", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73184", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73183", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73178", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73205", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73226", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73187", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "reference_url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" }, { "reference_url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/27516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/27516" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887307", "reference_id": "887307", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887307" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18026", "reference_id": "CVE-2017-18026", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937670?format=api", "purl": "pkg:deb/debian/redmine@3.4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-18026" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3kp-h2d7-h3ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159309?format=api", "vulnerability_id": "VCID-mf6v-q1bw-tyce", "summary": "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57752", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57684", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57572", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57656", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57708", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57711", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57726", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57705", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57686", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57715", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57691", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57648", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57668", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57646", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57601", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57709", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10515" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10515", "reference_id": "CVE-2016-10515", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937669?format=api", "purl": "pkg:deb/debian/redmine@3.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10515" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mf6v-q1bw-tyce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81091?format=api", "vulnerability_id": "VCID-p2vy-dhe9-jyaa", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64529", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64477", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.6427", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64327", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64355", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64313", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64376", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64389", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64347", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64383", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64419", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64418", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64392", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64437", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64483", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64452", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537" }, { "reference_url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" }, { "reference_url": "https://www.redmine.org/issues/21136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/21136" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "reference_url": "https://www.redmine.org/versions/105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/versions/105" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3529", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "reference_url": "http://www.securityfocus.com/bid/78621", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/78621" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807345", "reference_id": "807345", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807345" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8473", "reference_id": "CVE-2015-8473", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8473" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937667?format=api", "purl": "pkg:deb/debian/redmine@3.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8473" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2vy-dhe9-jyaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81090?format=api", "vulnerability_id": "VCID-pe8x-mqwn-gbaa", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64499", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64446", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64239", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64282", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6433", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64345", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64346", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64317", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64362", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64353", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64374", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64387", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64388", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64361", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64406", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64451", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64421", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537" }, { "reference_url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" }, { "reference_url": "https://www.redmine.org/issues/21150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/21150" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3529", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "reference_url": "http://www.redmine.org/news/102", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redmine.org/news/102" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806376", "reference_id": "806376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806376" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8346", "reference_id": "CVE-2015-8346", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8346" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937667?format=api", "purl": "pkg:deb/debian/redmine@3.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8346" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pe8x-mqwn-gbaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/254440?format=api", "vulnerability_id": "VCID-pwfc-n1q7-b7e4", "summary": "Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47985", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48048", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47998", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48051", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48044", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48069", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48045", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48109", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48104", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4806", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48041", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48053", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48001", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47919", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47986", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48011", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47956", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37156" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937675?format=api", "purl": "pkg:deb/debian/redmine@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37156" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwfc-n1q7-b7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250262?format=api", "vulnerability_id": "VCID-r8j4-1ux4-6ycy", "summary": "Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.74037", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73819", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73828", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73824", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73858", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73871", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73893", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73874", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73866", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73908", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73917", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73909", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73943", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73952", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73947", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73974", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73997", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73958", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73982", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31863" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792", "reference_id": "990792", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792" }, { "reference_url": "https://security.archlinux.org/ASA-202105-1", "reference_id": "ASA-202105-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-1" }, { "reference_url": "https://security.archlinux.org/AVG-1743", "reference_id": "AVG-1743", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937676?format=api", "purl": "pkg:deb/debian/redmine@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31863" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8j4-1ux4-6ycy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69638?format=api", "vulnerability_id": "VCID-rf3d-ve7z-53ek", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66887", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66823", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66626", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66693", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66665", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6673", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66707", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6674", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66754", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66739", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66763", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66776", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66774", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66744", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66789", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66829", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66803", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/27186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/27186" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882547", "reference_id": "882547", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882547" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15570", "reference_id": "CVE-2017-15570", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15570" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937670?format=api", "purl": "pkg:deb/debian/redmine@3.4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15570" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf3d-ve7z-53ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/228145?format=api", "vulnerability_id": "VCID-rhz3-bz8y-p7an", "summary": "Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63651", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63663", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63694", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63645", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63682", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63692", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63675", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63693", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63706", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63701", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63674", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63718", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63768", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63733", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63759", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.6381", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36308" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937674?format=api", "purl": "pkg:deb/debian/redmine@4.0.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-36308" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhz3-bz8y-p7an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/228141?format=api", "vulnerability_id": "VCID-sw97-t1zg-13b1", "summary": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36306", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56558", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56675", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.5671", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56704", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56702", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56674", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56612", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.5663", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56613", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56568", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56615", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56679", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56629", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56652", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56715", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937674?format=api", "purl": "pkg:deb/debian/redmine@4.0.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-36306" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw97-t1zg-13b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69643?format=api", "vulnerability_id": "VCID-tfsu-xjfx-1qfs", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72575", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.7252", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72352", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72358", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72376", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72353", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72392", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72404", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72411", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72398", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72439", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72448", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72436", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72479", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72487", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72484", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72476", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72505", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.7253", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72493", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/24307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/24307" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15575", "reference_id": "CVE-2017-15575", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15575" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15575" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfsu-xjfx-1qfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302722?format=api", "vulnerability_id": "VCID-tu21-t1wh-zuev", "summary": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67855", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67641", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67662", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67642", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67693", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67731", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67683", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67719", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67732", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67713", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67733", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67744", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67746", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67724", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67766", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67803", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67773", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67798", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47260" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474", "reference_id": "1055474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937678?format=api", "purl": "pkg:deb/debian/redmine@5.1.3%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.1.3%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-47260" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tu21-t1wh-zuev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138997?format=api", "vulnerability_id": "VCID-tx8x-3rud-ykby", "summary": "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.57975", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5806", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58082", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58108", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58118", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58119", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58094", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58061", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58074", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58019", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58122", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58103", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58173", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0327" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937665?format=api", "purl": "pkg:deb/debian/redmine@1.3.2%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.3.2%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-0327" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx8x-3rud-ykby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69640?format=api", "vulnerability_id": "VCID-u87x-ypam-zyft", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69155", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69104", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68895", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68912", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68933", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68913", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68963", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68982", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69004", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68989", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.6896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69001", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69011", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68991", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69042", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69049", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69055", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69037", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69079", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69112", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.6908", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/24416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/24416" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15572", "reference_id": "CVE-2017-15572", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15572" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15572" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u87x-ypam-zyft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79259?format=api", "vulnerability_id": "VCID-vbfb-96wd-wbbb", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96519", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.9651", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96435", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.9645", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96458", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96461", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96466", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.9648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96482", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96483", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96485", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96486", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96494", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96495", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96502", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.27968", "scoring_system": "epss", "scoring_elements": "0.96504", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890" }, { "reference_url": "https://github.com/RealLinkers/CVE-2019-18890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/RealLinkers/CVE-2019-18890" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/31", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2019-18890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18890", "reference_id": "CVE-2019-18890", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18890" }, { "reference_url": "https://usn.ubuntu.com/4200-1/", "reference_id": "USN-4200-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4200-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18890" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbfb-96wd-wbbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131162?format=api", "vulnerability_id": "VCID-vhnh-w8j2-muhy", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72055", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72062", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72082", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72059", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72096", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72108", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.7213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72115", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72101", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72141", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72149", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72135", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72178", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72188", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72182", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72174", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72203", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.7223", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72192", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.7222", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72278", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4078" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937660?format=api", "purl": "pkg:deb/debian/redmine@0.9.0~svn2902-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0.9.0~svn2902-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-4078" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhnh-w8j2-muhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69645?format=api", "vulnerability_id": "VCID-x6m2-rpuj-cbdx", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67693", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67634", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67451", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67487", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67508", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67486", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67552", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67574", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.6756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67527", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67553", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67573", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67583", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67584", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67558", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67601", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67638", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67609", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "reference_url": "https://www.redmine.org/issues/23793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/issues/23793" }, { "reference_url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15577", "reference_id": "CVE-2017-15577", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937671?format=api", "purl": "pkg:deb/debian/redmine@3.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15577" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6m2-rpuj-cbdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/247791?format=api", "vulnerability_id": "VCID-yjxe-atwc-6yec", "summary": "Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55412", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55244", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55343", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55368", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55346", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55396", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55385", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55367", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55402", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55386", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55325", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55345", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55317", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55266", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55308", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55365", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55326", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55352", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29274" }, { "reference_url": "https://security.archlinux.org/ASA-202105-1", "reference_id": "ASA-202105-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-1" }, { "reference_url": "https://security.archlinux.org/AVG-1743", "reference_id": "AVG-1743", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937675?format=api", "purl": "pkg:deb/debian/redmine@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29274" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjxe-atwc-6yec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/248881?format=api", "vulnerability_id": "VCID-zbef-znuk-eqhr", "summary": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65933", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65678", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65758", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65787", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65793", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65763", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65798", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65812", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65822", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65796", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65843", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65887", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65858", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65877", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30163" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800", "reference_id": "986800", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800" }, { "reference_url": "https://security.archlinux.org/ASA-202105-1", "reference_id": "ASA-202105-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-1" }, { "reference_url": "https://security.archlinux.org/AVG-1743", "reference_id": "AVG-1743", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937676?format=api", "purl": "pkg:deb/debian/redmine@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-30163" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbef-znuk-eqhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138461?format=api", "vulnerability_id": "VCID-zkv4-be7g-1uck", "summary": "Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98836", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98805", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98808", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98813", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98814", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98817", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.9882", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98821", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98825", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98826", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.9883", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98831", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.73607", "scoring_system": "epss", "scoring_elements": "0.98833", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4929" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/01/06/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/01/06/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "reference_url": "http://www.redmine.org/news/49", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redmine.org/news/49" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397", "reference_id": "608397", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4929", "reference_id": "CVE-2011-4929", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4929" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/b08d1ad8d8d6c0f5cb63cc44e3ff75efb9edb7b3/modules/exploits/unix/webapp/redmine_scm_exec.rb", "reference_id": "CVE-2011-4929;OSVDB-70090", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/b08d1ad8d8d6c0f5cb63cc44e3ff75efb9edb7b3/modules/exploits/unix/webapp/redmine_scm_exec.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41695.rb", "reference_id": "CVE-2011-4929;OSVDB-70090", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41695.rb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937664?format=api", "purl": "pkg:deb/debian/redmine@1.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937659?format=api", "purl": "pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937662?format=api", "purl": "pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937661?format=api", "purl": "pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4929" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkv4-be7g-1uck" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie" }