CVE search results

31 – 40 of 63 results

Detailed view

Sort by:

CVE-2015-1165

Medium priority

Ignored

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

2 affected packages

request-tracker3.8, request-tracker4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker3.8	—	—	—	Not in release
request-tracker4	—	—	—	Not affected

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

2 affected packages

request-tracker3.8, request-tracker4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker3.8	—	—	—	Not in release
request-tracker4	—	—	—	Not affected

CVE-2013-5587

Medium priority

Ignored

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been...

2 affected packages

request-tracker3.8, request-tracker4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker3.8	—	—	—	—
request-tracker4	—	—	—	—

CVE-2013-3736

Medium priority

Ignored

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of...

1 affected package

request-tracker4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—

CVE-2013-3525

Medium priority

Ignored

SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were...

2 affected packages

request-tracker4, request-tracker3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—
request-tracker3.8	—	—	—	—

CVE-2013-3374

Medium priority

Ignored

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and...

2 affected packages

request-tracker4, request-tracker3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—
request-tracker3.8	—	—	—	—

CVE-2013-3373

Medium priority

Ignored

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

2 affected packages

request-tracker4, request-tracker3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—
request-tracker3.8	—	—	—	—

CVE-2013-3372

Medium priority

Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

2 affected packages

request-tracker4, request-tracker3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—
request-tracker3.8	—	—	—	—

CVE-2013-3371

Medium priority

Ignored

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

2 affected packages

request-tracker4, request-tracker3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—
request-tracker3.8	—	—	—	—

CVE-2013-3370

Medium priority

Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

2 affected packages

request-tracker4, request-tracker3.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
request-tracker4	—	—	—	—
request-tracker3.8	—	—	—	—

Export to JSON

Results by page:

Search CVE reports

CVE-2015-1165

CVE-2014-9472

CVE-2013-5587

CVE-2013-3736

CVE-2013-3525

CVE-2013-3374

CVE-2013-3373

CVE-2013-3372

CVE-2013-3371

CVE-2013-3370