Search CVE reports
31 – 40 of 59 results
CVE-2013-5587
Medium priorityCross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been...
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3374
Medium priorityUnspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and...
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3373
Medium priorityCRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3372
Medium priorityRequest Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3371
Medium priorityCross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3370
Medium priorityRequest Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3369
Medium priorityRequest Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2013-3368
Medium prioritybin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2012-4733
Medium priorityRequest Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via...
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |
CVE-2012-6581
Medium priorityBest Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages...
2 affected packages
request-tracker3.8, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| request-tracker3.8 | — | — | — | — | Not in release |
| request-tracker4 | — | — | — | — | Not affected |