UBUNTU-CVE-2021-21434

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface i.e. another agent who wants to make changes in the survey. This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions...

DEBIAN-CVE-2019-3840

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service...

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

DEBIAN-CVE-2011-1433

The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...