Vulnerabilities > Bestpractical > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-41259 Unspecified vulnerability in Bestpractical Request Tracker
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
network
low complexity
bestpractical
7.5
7.5
2023-11-03 CVE-2023-41260 Unspecified vulnerability in Bestpractical Request Tracker
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
network
low complexity
bestpractical
7.5
7.5
2023-11-03 CVE-2023-45024 Unspecified vulnerability in Bestpractical Request Tracker
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
network
low complexity
bestpractical
7.5
7.5
2021-10-18 CVE-2021-38562 Information Exposure Through Discrepancy vulnerability in multiple products
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
network
low complexity
bestpractical fedoraproject debian CWE-203
7.5
7.5
2019-03-21 CVE-2018-18898 Resource Exhaustion vulnerability in multiple products
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. 		7.5
7.5
2015-03-09 CVE-2014-9472 Resource Management Errors vulnerability in multiple products
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. 		7.1
7.1
2012-06-04 CVE-2011-5092 Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT
Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093.
network
low complexity
bestpractical CWE-264
7.5
7.5