Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42137 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. | |||||
| CVE-2021-42094 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages. | |||||
| CVE-2021-42093 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | |||||
| CVE-2021-42092 | 1 Zammad | 1 Zammad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. | |||||
| CVE-2021-42091 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. | |||||
| CVE-2021-42090 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. | |||||
| CVE-2021-42089 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. | |||||
| CVE-2021-42088 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. | |||||
| CVE-2021-42087 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | |||||
| CVE-2021-42086 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | |||||
| CVE-2021-42085 | 1 Zammad | 1 Zammad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. | |||||
| CVE-2021-42084 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service. | |||||
| CVE-2021-35303 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. | |||||
| CVE-2021-35302 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information. | |||||
| CVE-2021-35301 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view. | |||||
| CVE-2021-35300 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page. | |||||
| CVE-2021-35299 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. | |||||
| CVE-2021-35298 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information. | |||||
| CVE-2020-29160 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing. | |||||
| CVE-2020-29159 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended. | |||||