Filtered by vendor Redhat Subscriptions
Filtered by product Powertools Subscriptions
Total 79 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-1154 2 Redhat, Stephen Turner 2 Powertools, Analog 2024-11-21 N/A
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
CVE-2002-0989 2 Redhat, Rob Flynn 4 Enterprise Linux, Linux, Powertools and 1 more 2024-11-21 N/A
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.
CVE-2002-0855 2 Gnu, Redhat 5 Mailman, Enterprise Linux, Linux and 2 more 2024-11-21 N/A
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
CVE-2002-0838 4 Ggv, Ghostview, Gv and 1 more 6 Ggv, Ghostview, Gv and 3 more 2024-11-21 N/A
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
CVE-2002-0834 2 Ethereal Group, Redhat 4 Ethereal, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.
CVE-2002-0822 2 Ethereal Group, Redhat 4 Ethereal, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.
CVE-2002-0821 2 Ethereal Group, Redhat 4 Ethereal, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.
CVE-2002-0811 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
CVE-2002-0810 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
CVE-2002-0809 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
CVE-2002-0808 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
CVE-2002-0807 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
CVE-2002-0806 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
CVE-2002-0805 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
CVE-2002-0804 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
CVE-2002-0803 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-11-21 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.
CVE-2002-0688 2 Redhat, Zope 2 Powertools, Zope 2024-11-21 N/A
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
CVE-2002-0687 2 Redhat, Zope 2 Powertools, Zope 2024-11-21 N/A
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
CVE-2002-0404 2 Ethereal Group, Redhat 4 Ethereal, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
CVE-2002-0403 2 Ethereal Group, Redhat 4 Ethereal, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.