Filtered by vendor Redhat
Filtered by product Powertools
Total 79 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0007 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
CVE-2001-1407 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
CVE-2001-1406 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
CVE-2001-1405 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
CVE-2001-1404 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
CVE-2001-1403 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
CVE-2001-1402 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
CVE-2001-1401 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
CVE-2001-1377 12 Freeradius, Gnu, Icradius and 9 more 12 Freeradius, Radius, Icradius and 9 more 2024-11-21 N/A
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
CVE-2001-1376 13 Ascend, Freeradius, Gnu and 10 more 13 Radius, Freeradius, Radius and 10 more 2024-11-21 N/A
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
CVE-2001-1333 2 Easy Software Products, Redhat 2 Cups, Powertools 2024-11-21 N/A
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
CVE-2001-1332 2 Easy Software Products, Redhat 2 Cups, Powertools 2024-11-21 N/A
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
CVE-2001-1230 2 Icecast, Redhat 2 Icecast, Powertools 2024-11-21 N/A
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
CVE-2001-1229 3 Icecast, Libshout, Redhat 3 Icecast, Libshout, Powertools 2024-11-21 N/A
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
CVE-2001-1227 2 Redhat, Zope 3 Linux, Powertools, Zope 2024-11-21 N/A
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
CVE-2001-1083 2 Icecast, Redhat 2 Icecast, Powertools 2024-11-21 N/A
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled, allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
CVE-2001-0894 2 Redhat, Wietse Venema 2 Powertools, Postfix 2024-11-21 N/A
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
CVE-2001-0890 2 Redhat, Sane 3 Linux, Powertools, Sane 2024-11-21 N/A
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allow local users to modify files via a symlink attack on temporary files.
CVE-2001-0889 2 Redhat, University Of Cambridge 3 Linux, Powertools, Exim 2024-11-21 N/A
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2001-0887 2 Oliver Rauch, Redhat 3 Xsane, Linux, Powertools 2024-11-21 N/A
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.