Search CVE reports
41 – 50 of 59 results
CVE-2012-6580
Medium priority
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof...
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-6579
Medium priority
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of...
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-6578
Medium priority
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by...
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3525
Medium priority
** DISPUTED ** SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue,...
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-4884
Medium priority. Some fixes available: 3 of 6
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-4734
Medium priority. Some fixes available: 3 of 6
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via...
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-4732
Medium priority. Some fixes available: 3 of 6
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests...
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-4730
Medium priority. Some fixes available: 3 of 6
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive...
2 affected packages
request-tracker3.8, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker3.8 | — | — | — | — | Not in release |
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-2769
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow...
1 affected package
request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | — | — | — | — | Not affected |
CVE-2012-2768
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via...
2 affected packages
request-tracker4, rt3.8-rtfm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | — | — | — | — | Not affected |
rt3.8-rtfm | — | — | — | — | Not in release |