Debian/trac — 21 CVEs

CRITICAL9.4CVE-2006-3695trac - missing input sanitising

from 0, < 0.9.6-1

CRITICAL9.4CVE-2006-3695trac - missing input sanitising

from 0, < 0.8.1-3sarge5

HIGH7.5CVE-2008-5646Trac vulnerable to denial of service

from 0, < 0.11.1-2.1

HIGH7.5Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils

from 0, < 0.11.6-1

HIGH7.5trac

from 0, < 0.10.1-1

HIGH7.5trac

from 0, < 0.8.1-3sarge6

HIGH7.5Trac 0.11.6 does not properly check workflow permissions before modifying a ticket.

from 0, < 0.11.7-1

MEDIUM6.1Trac Cross-site Scripting (XSS) vulnerability

from 0, < 0.11-1

MEDIUM6.1Trac Open Redirect vulnerability

from 0, < 0.11-1

MEDIUM6.1Trac Cross-site Scripting (XSS) vulnerability

from 0, < 0.10.4-1

MEDIUM6.1Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability

from 0, < 0.9.3-1

MEDIUM5.4Trac has vulnerability in HTML sanitizer filter

from 0, < 0.11.1-2.1

MEDIUM5.3Trac missing Content-Disposition HTTP header

from 0, < 0.10.4-1

—Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script…

from 0, < 0.9.5-1

—Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or H…

from 0, < 0.9.3-1

—trac - missing input sanitising

from 0, < 0.8.1-3sarge4

—trac - missing input sanitising

from 0, < 0.9.2-1

—SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitra…

from 0, < 0.9.1-1

—trac - missing input sanitising

from 0, < 0.8.4-1

—trac - missing input sanitising

from 0, < 0.8.1-3sarge2

—Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a ..

from 0, < 0.8.4-1

pkg:Debian/trac