ReportizFlow
Filtered by vendor Bestpractical
Subscriptions
Filtered by product Request Tracker
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6580 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address. | ||||
| CVE-2012-6578 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics. | ||||
| CVE-2023-45024 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 7.5 High |
| Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | ||||
| CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 6.1 Medium |
| Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | ||||
| CVE-2022-25802 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 6.1 Medium |
| Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | ||||
| CVE-2021-38562 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2024-11-21 | 7.5 High |
| Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | ||||
| CVE-2018-18898 | 4 Bestpractical, Canonical, Debian and 1 more | 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.5 High |
| The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | ||||