EUVD-2021-8714

Malicious code in bioql PyPI...

Code injection

Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

Code injection

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

PT-2021-21111 · Otrs Ag +1 · Otrs +2

Name of the Vulnerable Software and Affected Versions: OTRS AG OTRS Community Edition versions 6.0.1 and later OTRS AG OTRS versions prior to 7.0.27 Description: The issue allows agents to list appointments in calendars without the necessary permissions. Recommendations: For OTRS AG OTRS Communit...

Apache Tomcat 7.0.27 < 7.0.105

The version of Tomcat installed on the remote host is prior to 7.0.105. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.105security-7 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6,...

PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...