EUVD-2023-34013

Malicious code in bioql PyPI...

CVE-2023-2534 Information disclouse and DoS via websocket push events

Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...

PT-2023-20028 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 8.0.X through 8.0.31 Description: The issue allows any authenticated attacker as an Agent to track user behavior and gain live insight into overall system usage. User IDs can easily be correlated with real names, for example, vi...

GHSA-Q58G-455P-8VW9 In RubyGem excon, interrupted Persistent Connections May Leak Response Data

Impact There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...

In RubyGem excon, interrupted Persistent Connections May Leak Response Data

Impact There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...

Race condition when using persistent connections

There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it...