Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6579 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | 6.4 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address. | |||||
| CVE-2023-45024 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 7.5 HIGH |
| Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | |||||
| CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 6.1 MEDIUM |
| Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | |||||
| CVE-2022-25802 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 6.1 MEDIUM |
| Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | |||||
| CVE-2021-38562 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | |||||
| CVE-2018-18898 | 4 Bestpractical, Canonical, Debian and 1 more | 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | |||||