Debian dla-3551 : otrs - security update

"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3551 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3551-1 [email protected]...

[SECURITY] [DLA 3551-1] otrs2 security update

Debian LTS Advisory DLA-3551-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin August 31, 2023 https://wiki.debian.org/LTS Package : otrs2 Version : 6.0.16-2+deb10u1 CVE ID : CVE-2019-11358 CVE-2019-12248 CVE-2019-12497 CVE-2019-12746 CVE-2019-13458 CVE-2019-16375...

DLA-3551-1 otrs2 - security update

Bulletin has no description...

Debian: Security Advisory (DLA-3551-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-1212-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-787-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-1215-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Privilege Escalation

otrs2 is vulnerable to privilege. An attacker is able to list appointments in the calendars without required permissions...

Information Disclosure

otrs2 is vulnerable to information disclosure. Private S/MIME and PGP keys are disclosed when the containing folder is not hidden...

Privilege Escalation

otrs2 is vulnerable to privilege escalation. The vulnerability exists due to the lack of permission in the bulk action screen...

Cross-site Scripting (XSS)

otrs2:sid is vulnerable to cross-site scripting. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction...

Debian DLA-2198-1 : otrs2 security update

Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. CVE-2020-1772 Its possible to craft Lost Password requests with wildcards in the Token...

Debian: Security Advisory (DLA-2198-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2198-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1+deb8u15 CVE ID : CVE-2020-1770 CVE-2020-1772 CVE-2020-1774 Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be...

DLA-2198-1 otrs2 - security update

Bulletin has no description...

Debian: Security Advisory (DLA-2118-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2118-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1+deb8u14 CVE ID : CVE-2019-11358 Debian Bug : 927385 It was discovered that the jQuery version embedded in OTRS, a ticket request system, was prone to a cross site scripting vulnerability in jQuery.extend. For Debian 8 "Jessie", this problem has been fixed in...

DLA-2118-1 otrs2 - security update

Bulletin has no description...

Debian: Security Advisory (DLA-2079-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2079-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1+deb8u13 CVE ID : CVE-2020-1765 CVE-2020-1766 CVE-2020-1767 Several vulnerabilities have been discovered in the otrs2 package that may lead to unauthorized access, remote code execution and spoofing. CVE-2020-1765 An improper control of parameters allows the...