Latest CVE Feed
-
4.3
MEDIUMCVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.... Read more
Affected Products : otrs- EPSS Score: %0.25
- Published: Jul. 26, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-21442
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.... Read more
Affected Products : time_accounting- EPSS Score: %0.36
- Published: Jul. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require an... Read more
Affected Products : otrs- EPSS Score: %0.41
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x v... Read more
Affected Products : otrs- EPSS Score: %0.13
- Published: Jul. 26, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-21439
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Editio... Read more
Affected Products : otrs- EPSS Score: %0.51
- Published: Jun. 14, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-21438
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.... Read more
- EPSS Score: %0.11
- Published: Mar. 22, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-21437
Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions... Read more
- EPSS Score: %0.18
- Published: Mar. 22, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-21436
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.... Read more
- EPSS Score: %0.11
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-21435
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.... Read more
Affected Products : otrs- EPSS Score: %0.32
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-21434
Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x ... Read more
Affected Products : survey- EPSS Score: %0.31
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2021-21433
Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2... Read more
- EPSS Score: %5.47
- Published: Apr. 09, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-21432
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc... Read more
- EPSS Score: %0.30
- Published: Apr. 09, 2021
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-21431
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may h... Read more
Affected Products : channelmgnt- EPSS Score: %0.10
- Published: Apr. 09, 2021
- Modified: Nov. 21, 2024
-
6.2
MEDIUMCVE-2021-21430
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files ... Read more
Affected Products : openapi_generator- EPSS Score: %0.16
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-21429
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave ap... Read more
Affected Products : openapi_generator- EPSS Score: %0.05
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
9.3
CRITICALCVE-2021-21428
Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.cre... Read more
Affected Products : openapi_generator- EPSS Score: %0.05
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-21427
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-... Read more
Affected Products : magento- EPSS Score: %0.64
- Published: Apr. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 an... Read more
Affected Products : magento- EPSS Score: %0.40
- Published: Apr. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Pa... Read more
- EPSS Score: %89.00
- Published: Apr. 07, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-21424
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempti... Read more
- EPSS Score: %0.21
- Published: May. 13, 2021
- Modified: Nov. 21, 2024