Filtered by vendor Redhat
Filtered by product Powertools
Total: 79 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2002-0007 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. | ||||
CVE-2001-1407 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug. | ||||
CVE-2001-1406 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent. | ||||
CVE-2001-1405 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. | ||||
CVE-2001-1404 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. | ||||
CVE-2001-1403 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. | ||||
CVE-2001-1402 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi. | ||||
CVE-2001-1401 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | ||||
CVE-2001-1377 | 12 Freeradius, Gnu, Icradius and 9 more | 12 Freeradius, Radius, Icradius and 9 more | 2024-11-21 | N/A |
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. | ||||
CVE-2001-1376 | 13 Ascend, Freeradius, Gnu and 10 more | 13 Radius, Freeradius, Radius and 10 more | 2024-11-21 | N/A |
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | ||||
CVE-2001-1333 | 2 Easy Software Products, Redhat | 2 Cups, Powertools | 2024-11-21 | N/A |
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. | ||||
CVE-2001-1332 | 2 Easy Software Products, Redhat | 2 Cups, Powertools | 2024-11-21 | N/A |
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. | ||||
CVE-2001-1230 | 2 Icecast, Redhat | 2 Icecast, Powertools | 2024-11-21 | N/A |
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | ||||
CVE-2001-1229 | 3 Icecast, Libshout, Redhat | 3 Icecast, Libshout, Powertools | 2024-11-21 | N/A |
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | ||||
CVE-2001-1227 | 2 Redhat, Zope | 3 Linux, Powertools, Zope | 2024-11-21 | N/A |
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | ||||
CVE-2001-1083 | 2 Icecast, Redhat | 2 Icecast, Powertools | 2024-11-21 | N/A |
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). | ||||
CVE-2001-0894 | 2 Redhat, Wietse Venema | 2 Powertools, Postfix | 2024-11-21 | N/A |
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large. | ||||
CVE-2001-0890 | 2 Redhat, Sane | 3 Linux, Powertools, Sane | 2024-11-21 | N/A |
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allow local users to modify files via a symlink attack on temporary files. | ||||
CVE-2001-0889 | 2 Redhat, University Of Cambridge | 3 Linux, Powertools, Exim | 2024-11-21 | N/A |
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters. | ||||
CVE-2001-0887 | 2 Oliver Rauch, Redhat | 3 Xsane, Linux, Powertools | 2024-11-21 | N/A |
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files. |