Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

31 – 40 of 58 results

CVE-2013-3374

Medium priority
Ignored

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and...

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2013-3373

Medium priority
Ignored

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2013-3372

Medium priority
Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2013-3371

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2013-3370

Medium priority
Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2013-3369

Medium priority
Ignored

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2013-3368

Medium priority
Ignored

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2012-4733

Medium priority
Ignored

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via...

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2012-6581

Medium priority
Ignored

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages...

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages

CVE-2012-6580

Medium priority
Ignored

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof...

2 affected packages

request-tracker3.8, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker3.8 Not in release
request-tracker4 Not affected
Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON