Lucene search
K

212 matches found

CVE
CVE
added 2022/07/14 11:42 a.m.74 views

CVE-2022-25800

The vulnerability CVE-2022-25800 affects Best Practical RT for Incident Response (RTIR). Affected are RTIR versions before 4.0.3 and RTIR 5.x before 5.0.3, where the whois lookup tool is exploitable to perform server-side requests (SSRF). According to the initial details, the impact is high on co...

9.1CVSS9.1AI score0.00842EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/06/23 12:0 a.m.43 views

Debian DLA-3057-1 : request-tracker4 - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3057 advisory. - Best Practical Request Tracker RT 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against...

7.5CVSS7.3AI score0.01707EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/10/18 8:52 a.m.34 views

CVE-2021-38562

Best Practical Request Tracker RT 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm...

7.3AI score0.01707EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2021/10/18 8:52 a.m.12 views

CVE-2021-38562

Best Practical Request Tracker RT 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm...

7.5CVSS6.4AI score0.01707EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/10/18 8:52 a.m.183 views

CVE-2021-38562

Best Practical Request Tracker RT 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm...

7.5CVSS7.2AI score0.01707EPSS
Exploits0
NVD
NVD
added 2019/03/21 4:0 p.m.14 views

CVE-2018-18898

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...

7.5CVSS7.4AI score0.02356EPSS
Exploits0References5
OSV
OSV
added 2019/03/21 4:0 p.m.20 views

CVE-2018-18898

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...

7.5CVSS5.8AI score
Exploits0References5
Cvelist
Cvelist
added 2019/03/17 9:16 p.m.29 views

CVE-2018-18898

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...

7.3AI score0.02356EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2019/03/17 9:16 p.m.45 views

CVE-2018-18898

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...

7.5CVSS7.4AI score0.02356EPSS
Exploits0
CNVD
CNVD
added 2017/07/05 12:0 a.m.5 views

Best Practical Solutions Request Tracker Cross-Site Request Forgery Vulnerability

Best Practical Solutions Request Tracker RT is an enterprise-grade, open source issue tracking system from Best Practical Solutions in the United States. The system has Bug tracking , customer service , customized workflow and other features . There is a security vulnerability in Best Practical...

8.8CVSS6.8AI score0.00835EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/08/13 12:0 a.m.33 views

FreeBSD : RT -- two XSS vulnerabilities (83b38a2c-413e-11e5-bfcf-6805ca0b3d42)

Best Practical reports : RT 4.0.0 and above are vulnerable to a cross-site scripting XSS attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above a...

4.3CVSS7.4AI score0.02075EPSS
Exploits0References4
OSV
OSV
added 2013/07/24 12:1 p.m.7 views

CVE-2012-6580

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditin...

6.4AI score
Exploits0References2
OSV
OSV
added 2013/07/24 12:1 p.m.4 views

CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

6.6AI score
Exploits0References2
NVD
NVD
added 2013/07/24 12:1 p.m.19 views

CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

6.4CVSS6.5AI score0.00792EPSS
Exploits0References1
Prion
Prion
added 2013/07/24 12:1 p.m.11 views

Design/Logic Flaw

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

6.4CVSS7.2AI score0.00792EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2013/07/24 12:1 p.m.27 views

CVE-2012-6581

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail...

4.3CVSS6AI score0.012EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/07/24 12:1 p.m.17 views

CVE-2012-6578

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics...

4.3CVSS5.9AI score0.01061EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/07/24 12:1 p.m.17 views

CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

6.4CVSS5.9AI score0.00792EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/07/24 12:1 p.m.26 views

CVE-2012-6580

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditin...

4.3CVSS5.9AI score0.00635EPSS
Exploits0References2
CVE
CVE
added 2013/07/24 10:0 a.m.48 views

CVE-2012-6580

CVE-2012-6580 affects Best Practical Solutions RT: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, with GnuPG enabled. The issue is that the UI may not label unencrypted messages as unencrypted, which could allow remote attackers to spoof a message’s origin or interfere with encryption-policy a...

4.3CVSS6.5AI score0.00635EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder