797 matches found

OpenVAS
added 2020/03/30 12:0 a.m., 49 views

OTRS 5.0.x < 5.0.42, 6.0.x < 6.0.27, 7.0.x < 7.0.16 Multiple Vulnerabilities

OTRS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if description...

8.1 CVSS, 4.9 AI score, 0.00663 EPSS
Exploits 0, References 5
Tenable Nessus
added 2020/03/30 12:0 a.m., 22 views

openSUSE Security Update : opera (openSUSE-2020-402)

This update for opera fixes the following issues : Update to version 67.0.3575.97 - DNA-84063 Open URL in new tab with Go to web address in search/copy popup and right mouse click context menu - DNA-84780 Search in Search and Copy popup opens tab in wrong position from popup window - DNA-84786...

5.5 AI score
Exploits 0, References 2
NVD
added 2020/03/27 1:15 p.m., 16 views

CVE-2020-1769

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

4.3 CVSS, 4.8 AI score, 0.00663 EPSS
Exploits 0, References 5
OSV
added 2020/03/27 1:15 p.m., 19 views

CVE-2020-1769

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

4.3 CVSS, 6.8 AI score
Exploits 0, References 5
Prion
added 2020/03/27 1:15 p.m., 12 views

Design/Logic Flaw

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

4 CVSS, 4.6 AI score, 0.00663 EPSS
Exploits 0, References 5, Affected Software 3
UbuntuCve
added 2020/03/27 1:15 p.m., 21 views

CVE-2020-1769

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

4.3 CVSS, 6.2 AI score, 0.00663 EPSS
Exploits 0, References 2
Cvelist
added 2020/03/27 12:47 p.m., 16 views

CVE-2020-1769 Autocomplete in the form login screens

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

3.5 CVSS, 5.9 AI score, 0.00663 EPSS
Exploits 0, References 5
CVE
added 2020/03/27 12:47 p.m., 228 views

CVE-2020-1769

CVE-2020-1769 affects OTRS/Open-Source Ticket Request System where the login screens autocomplete username/password fields. Root cause: autocomplete enabled in login inputs, allowing potential credential exposure. The fix adds a configuration setting (DisableLoginAutocomplete) to disable autocomp...

4.3 CVSS, 5.6 AI score, 0.00663 EPSS
Exploits 0, References 5, Affected Software 1
Debian CVE
added 2020/03/27 12:47 p.m., 19 views

CVE-2020-1769

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

4.3 CVSS, 4.8 AI score, 0.00663 EPSS
Exploits 0
Positive Technologies
added 2020/03/27 12:0 a.m., 3 views

PT-2020-15046 · Otrs +2 · Otrs +3

Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 5.0.41 and prior OTRS Community Edition versions 6.0.26 and prior OTRS versions 7.0.15 and prior Description: The issue is related to the use of autocomplete in the Username and Password fields on the login...

9.8 CVSS, 7 AI score, 0.34098 EPSS
Exploits 18, References 148
CNVD
added 2020/03/23 12:0 a.m., 4 views

Unspecified Vulnerability in Zimbra zm-mailbox

Zimbra zm-mailbox is a mailbox management tool from the American company Zimbra. A security vulnerability in the cs/service/account/AutoCompleteGal.java file in versions of Zimbra zm-mailbox prior to 8.8.15.p8 can be exploited by an attacker to request an arbitrary GAL account...

6.5 CVSS, 6.9 AI score, 0.0024 EPSS
Exploits 0, References 1
OSV
added 2020/01/28 7:15 p.m., 1 views

DEBIAN-CVE-2020-5211

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...

9.8 CVSS, 9.3 AI score, 0.01836 EPSS
Exploits 0, References 1
OSV
added 2020/01/28 7:15 p.m., 0 views

UBUNTU-CVE-2020-5211

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...

9.8 CVSS, 6.4 AI score, 0.01836 EPSS
Exploits 0, References 3
IBM Security Bulletins
added 2019/12/20 8:47 a.m., 22 views

Security Bulletin: API Connect is impacted by credential caching

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4444 DESCRIPTION: IBM API Connect Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials...

5.5 CVSS, 1.9 AI score, 0.00101 EPSS
Exploits 0, Affected Software 1
Tenable Nessus
added 2019/12/17 12:0 a.m., 49 views

openSUSE Security Update : chromium (openSUSE-2019-2692)

This update for chromium fixes the following issues : Chromium was updated to 79.0.3945.79 boo1158982 - CVE-2019-13725: Fixed a use after free in Bluetooth - CVE-2019-13726: Fixed a heap buffer overflow in password manager - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets -...

8.8 CVSS, 7.2 AI score, 0.39522 EPSS
Exploits 5, References 38
NVD
added 2019/12/16 4:15 p.m., 17 views

CVE-2019-4444

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453...

5.5 CVSS, 5.2 AI score, 0.00101 EPSS
Exploits 0, References 2
Prion
added 2019/12/16 4:15 p.m., 13 views

Design/Logic Flaw

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453...

2.1 CVSS, 5.3 AI score, 0.00101 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2019/12/16 3:45 p.m., 20 views

CVE-2019-4444

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453...

5.1 CVSS, 5.4 AI score, 0.00101 EPSS
Exploits 0, References 2
CVE
added 2019/12/16 3:45 p.m., 44 views

CVE-2019-4444

IBM API Connect CVE-2019-4444 affects Developer Portal on versions 2018.1–2018.4.1.7, where the user registration page does not disable password autocomplete. The vulnerability enables a local attacker with access to the browser and local system credentials to steal registration passwords. Remedi...

5.5 CVSS, 5.3 AI score, 0.00101 EPSS
Exploits 0, References 2, Affected Software 1
RedHat Linux
added 2019/12/16 9:9 a.m., 4 views

chromium-browser: Insufficient policy enforcement in autocomplete

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5 CVSS, 7.4 AI score, 0.02568 EPSS
Exploits 0, References 5