CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2005-3139
https://notcve.org/view.php?id=CVE-2005-3139
Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2 http://secunia.com/advisories/17030 http://www.bugzilla.org/security/2.18.4 http://www.securityfocus.com/bid/14996 https://exchange.xforce.ibmcloud.com/vulnerabilities/42799 •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2173
https://notcve.org/view.php?id=CVE-2005-2173
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. • http://securitytracker.com/id?1014428 http://www.bugzilla.org/security/2.18.1 https://bugzilla.mozilla.org/show_bug.cgi?id=293159 •
CVSS: 2.6EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2174
https://notcve.org/view.php?id=CVE-2005-2174
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. • http://securitytracker.com/id?1014428 http://www.bugzilla.org/security/2.18.1 https://bugzilla.mozilla.org/show_bug.cgi?id=293159 •