Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-36093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition...

5.3CVSS5.7AI score0.01108EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.3 views

SUSE CVE-2021-36091

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

4.3CVSS5AI score0.00726EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/09/06 2:15 p.m.33 views

CVE-2021-36093

It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions...

5.3CVSS6.1AI score0.01108EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 5:15 a.m.23 views

CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

6.5CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2021/07/26 5:15 a.m.2 views

DEBIAN-CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

6.5CVSS5.4AI score0.00814EPSS
Exploits0References1
NVD
NVD
added 2021/06/16 10:15 a.m.14 views

CVE-2021-21441

There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTR...

7.5CVSS0.01216EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/13 12:0 a.m.67 views

OTRS 6.0.x < 6.0.25, 7.0.x < 7.0.14 Message Vulnerability

OTRS is prone to a vulnerability where it is possible to send drafted messages as wrong agent. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3CVSS3.8AI score0.01241EPSS
Exploits0References1
Prion
Prion
added 2020/01/10 3:15 p.m.17 views

Design/Logic Flaw

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...

5CVSS5.3AI score0.01499EPSS
Exploits0References6Affected Software4
Cvelist
Cvelist
added 2019/12/05 2:54 p.m.27 views

CVE-2019-18180 Denial of service

Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...

5.3CVSS7.6AI score0.0192EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/07/08 1:15 p.m.32 views

CVE-2018-11563

An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application...

4.9CVSS6.3AI score0.00816EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2019/07/08 12:23 p.m.45 views

CVE-2018-11563

An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application...

4.9CVSS4.3AI score0.00816EPSS
Exploits0
Prion
Prion
added 2018/11/11 5:29 a.m.21 views

Open redirect

Open Ticket Request System OTRS 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL...

3.5CVSS4.7AI score0.00547EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/11/11 5:29 a.m.21 views

CVE-2018-19142

Open Ticket Request System OTRS 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL...

4.8CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2018/11/11 5:0 a.m.24 views

CVE-2018-19142

Open Ticket Request System OTRS 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL...

4.8AI score0.00547EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/11/11 5:0 a.m.52 views

CVE-2018-19142

Open Ticket Request System OTRS 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL...

4.8CVSS4.9AI score0.00547EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/09/28 12:29 a.m.24 views

CVE-2018-16586

In Open Ticket Request System OTRS 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources...

4.3CVSS6.6AI score0.01485EPSS
Exploits0References2
NVD
NVD
added 2018/06/06 8:29 p.m.19 views

CVE-2018-10198

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...

4.3CVSS4.3AI score0.00954EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/06 8:0 p.m.17 views

CVE-2018-10198

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...

4.3AI score0.00954EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/12/20 5:29 p.m.28 views

CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

8.8CVSS7.2AI score0.02223EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2017/12/11 12:0 a.m.43 views

OTRS 4.x < 4.0.27, 5.x < 5.0.24, 6.x < 6.0.2 RCE Vulnerability (Dec 2017)

OTRS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if...

9CVSS9AI score0.19901EPSS
Exploits8References1
Rows per page
Query Builder