Search for packages
| purl | pkg:deb/debian/request-tracker4@4.2.8-3 |
| Next non-vulnerable version | 4.4.6+dfsg-1.1+deb12u3 |
| Latest non-vulnerable version | 4.4.6+dfsg-1.1+deb12u3 |
| Risk | 1.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3yyu-mew5-cbbc
Aliases: CVE-2017-5943 |
security update |
Affected by 14 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-4z4v-fvc6-pqg5
Aliases: CVE-2016-6127 |
security update |
Affected by 14 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-7h8j-qdnc-zqgt
Aliases: CVE-2015-6506 |
security update |
Affected by 14 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-agzq-e3sq-2qcg
Aliases: CVE-2025-2545 |
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages. |
Affected by 0 other vulnerabilities. |
|
VCID-arbg-nyau-9fc2
Aliases: CVE-2017-5944 |
security update |
Affected by 14 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-ehhx-2gjq-nkee
Aliases: CVE-2021-38562 |
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. |
Affected by 10 other vulnerabilities. |
|
VCID-f91m-894b-u7dr
Aliases: CVE-2023-41259 |
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. |
Affected by 10 other vulnerabilities. |
|
VCID-pyvn-d99c-nfaw
Aliases: CVE-2025-30087 |
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. |
Affected by 0 other vulnerabilities. |
|
VCID-w58v-b4n3-7fb4
Aliases: CVE-2025-61873 |
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used. |
Affected by 0 other vulnerabilities. |
|
VCID-wgs7-ztvz-wkag
Aliases: CVE-2022-25802 |
security update |
Affected by 8 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-wj3w-p4m6-2kej
Aliases: CVE-2024-3262 |
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination. |
Affected by 0 other vulnerabilities. |
|
VCID-x5q5-duu5-dbhb
Aliases: CVE-2023-41260 |
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. |
Affected by 10 other vulnerabilities. |
|
VCID-z9gm-1a86-z7hw
Aliases: CVE-2017-5361 |
security update |
Affected by 14 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-zz6h-cqxk-xqed
Aliases: CVE-2015-5475 |
security update |
Affected by 14 other vulnerabilities. Affected by 12 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8bbn-fppq-6ban | security update |
CVE-2015-1165
|
| VCID-qta9-hsqf-v3gt | security update |
CVE-2014-9472
|
| VCID-t82f-k6gy-2ya7 | security update |
CVE-2015-1464
|