Debian/request-tracker4 — 64 CVEs · VulnScope

pkg:Debian/request-tracker4

64 total CVEsHIGH10MEDIUM12LOW3

✅ Check your installed version

All known vulnerabilities

HIGH8.8CVE-2026-41075RT is an open source, enterprise-grade issue and ticket tracking system.
from 0
HIGH8.8CVE-2017-5944The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow rem…
from 0, < 4.4.1-4
HIGH8.8CVE-2017-5943Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information…
from 0, < 4.4.1-4
HIGH8.1RT is an open source, enterprise-grade issue and ticket tracking system.
from 0
HIGH7.5Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API cal…
from 0, < 4.4.4+dfsg-2+deb11u3
HIGH7.5request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u3
HIGH7.5request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u3
HIGH7.5request-tracker4 - security update
from 0, < 4.4.3-2+deb10u3
HIGH7.5request-tracker4 - security update
from 0, < 4.4.1-3+deb9u4
HIGH7.5request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u1
MEDIUM6.1Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests.
from 0
MEDIUM6.1Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
from 0, < 4.4.4+dfsg-2+deb11u4
MEDIUM6.1request-tracker4 - security update
from 0, < 4.4.3-2+deb10u2
MEDIUM6.1request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u2
MEDIUM6.1request-tracker4 - security update
from 0, < 4.4.1-4
MEDIUM6.1request-tracker4 - security update
from 0, < 4.4.1-3+deb9u1
MEDIUM6.1request-tracker4 - security update
from 0, < 4.0.7-5+deb7u5
MEDIUM5.9rt-authen-externalauth - security update
from 0, < 4.4.1-4
MEDIUM5.5request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u4
MEDIUM5.5request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u4
MEDIUM5.5request-tracker4 - security update
from 0, < 4.4.6+dfsg-1.1+deb12u2
MEDIUM4.6RT is an open source, enterprise-grade issue and ticket tracking system.
from 0
LOW2.6request-tracker4 - security update
from 0, < 4.4.6+dfsg-1.1+deb12u3
LOW2.6request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u5
LOW2.6request-tracker4 - security update
from 0, < 4.4.4+dfsg-2+deb11u5
—(no summary)
from 0
—(no summary)
from 0
—(no summary)
from 0
—Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is us…
from 0, < 4.4.4+dfsg-2+deb11u4
—Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inj…
from 0, < 4.2.11-2
—request-tracker4 - security update
from 0, < 4.0.7-5+deb7u4
—request-tracker4 - security update
from 0, < 4.2.11-2
—RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
from 0, < 4.2.8-3
—RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs…
from 0, < 4.2.8-3
—request-tracker4 - security update
from 0, < 4.0.7-5+deb7u3
—request-tracker4 - security update
from 0, < 4.2.8-3
—Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers…
from 0, < 4.0.12-2
—Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session…
from 0, < 4.0.12-2
—CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrar…
from 0, < 4.0.12-2
—Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP header…
from 0, < 4.0.12-2
—Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to in…
from 0, < 4.0.12-2
—Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which al…
from 0, < 4.0.12-2
—Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the adminis…
from 0, < 4.0.12-2
—request-tracker3.8 - several
from 0, < 4.0.12-2
—request-tracker4 - several
from 0, < 4.0.7-5+deb7u2
—request-tracker4 - several
from 0, < 4.0.12-2
—Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended r…
from 0, < 4.0.7-2
—Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypt…
from 0, < 4.0.7-2
—Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encrypt…
from 0, < 4.0.7-2
—Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration,…
from 0, < 4.0.7-2
—Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbit…
from 0, < 4.0.7-2
—Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the…
from 0, < 4.0.7-2
—Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versio…
from 0, < 4.0.7-2
—rtfm - privilege escalation
from 0, < 4.0.7-2
—request-tracker3.8 - several
from 0, < 4.0.7-2
—Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for B…
from 0, < 4.0.6-1
—rtfm - cross-site scripting
from 0, < 4.0.6-1
—SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users…
from 0, < 4.0.5-3
—Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated user…
from 0, < 4.0.5-3
—Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enab…
from 0, < 4.0.5-3
—Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote a…
from 0, < 4.0.5-3
—Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords…
from 0, < 4.0.5-3
—Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote atta…
from 0, < 4.0.5-3
—request-tracker3.8 - several
from 0, < 4.0.5-3