CVE search results

41 – 50 of 69 results

Detailed view

Sort by:

CVE-2013-3374

Medium priority

Ignored

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and...

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2013-3373

Medium priority

Ignored

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2013-3372

Medium priority

Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2013-3371

Medium priority

Ignored

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2013-3370

Medium priority

Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2013-3369

Medium priority

Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2013-3368

Medium priority

Ignored

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2012-4733

Medium priority

Ignored

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via...

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

CVE-2012-6581

Medium priority

Ignored

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages...

2 affected packages

request-tracker3.8, request-tracker4

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker3.8	—	—	—	—	—
request-tracker4	—	—	—	—	—

CVE-2012-6580

Medium priority

Ignored

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof...

2 affected packages

request-tracker4, request-tracker3.8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—	—
request-tracker3.8	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports