Filtered by vendor Redhat
Subscriptions
Filtered by product Powertools
Subscriptions
Total
79 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2002-1154 | 2 Redhat, Stephen Turner | 2 Powertools, Analog | 2024-11-21 | N/A |
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log. | ||||
CVE-2002-0989 | 2 Redhat, Rob Flynn | 4 Enterprise Linux, Linux, Powertools and 1 more | 2024-11-21 | N/A |
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. | ||||
CVE-2002-0855 | 2 Gnu, Redhat | 5 Mailman, Enterprise Linux, Linux and 2 more | 2024-11-21 | N/A |
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | ||||
CVE-2002-0838 | 4 Ggv, Ghostview, Gv and 1 more | 6 Ggv, Ghostview, Gv and 3 more | 2024-11-21 | N/A |
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. | ||||
CVE-2002-0834 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-11-21 | N/A |
Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | ||||
CVE-2002-0822 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-11-21 | N/A |
Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | ||||
CVE-2002-0821 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-11-21 | N/A |
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | ||||
CVE-2002-0811 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | ||||
CVE-2002-0810 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | ||||
CVE-2002-0809 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | ||||
CVE-2002-0808 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | ||||
CVE-2002-0807 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | ||||
CVE-2002-0806 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | ||||
CVE-2002-0805 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | ||||
CVE-2002-0804 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | ||||
CVE-2002-0803 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | ||||
CVE-2002-0688 | 2 Redhat, Zope | 2 Powertools, Zope | 2024-11-21 | N/A |
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. | ||||
CVE-2002-0687 | 2 Redhat, Zope | 2 Powertools, Zope | 2024-11-21 | N/A |
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. | ||||
CVE-2002-0404 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-11-21 | N/A |
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). | ||||
CVE-2002-0403 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-11-21 | N/A |
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. |