CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4569
https://notcve.org/view.php?id=CVE-2010-4569
28 Jan 2011 — Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en la funcionalidad duplicate-detection en Bugzilla v3.7.1, v3.7.2, v3.7.3, y v4.0rc1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del campo "real" de una... • http://osvdb.org/70701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 109EXPL: 0CVE-2011-0048
https://notcve.org/view.php?id=CVE-2011-0048
28 Jan 2011 — Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI. Bugzilla anterior a v3.2.10, v3.4.x anterior a v3.4.10, v3.6.x anterior a v3.6.4, y v4.0.x anterior a v4.0rc2 crea un enlace a un campo URI de la URL (también conocido como bug_file_loc) de (1) javascri... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2010-4209
https://notcve.org/view.php?id=CVE-2010-4209
07 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.8.0 hasta v2.8.1, tal como se emplea en Bugzilla v3.7.1 hasta v3.7.3 y v4.1, permite a atacantes remotos inyecta... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 92EXPL: 1CVE-2010-3764
https://notcve.org/view.php?id=CVE-2010-3764
05 Nov 2010 — The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. La implementación Old Charts en Bugzilla v2.12 hasta v3.2.8, v3.4.8, v3.6.2, v3.7.3, y v4.1 crea archivos gráficos con nombres predecibles en graphs/, lo que permite a atacantes remotos obtener información sensible a través de URL modificadas. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 1%CPEs: 105EXPL: 0CVE-2010-3172
https://notcve.org/view.php?id=CVE-2010-3172
05 Nov 2010 — CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de línea)) en Bugzilla anterior a v3.2.9, v3.4.x anterior a v3.4.9, v3.6.x anterior a v3.6.3, y v4.0.x anterior a v4.0rc1, cuando S... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 52EXPL: 0CVE-2010-2759
https://notcve.org/view.php?id=CVE-2010-2759
13 Aug 2010 — Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, cuando se utiliza PostgreSQL, no maneja apropiadamente enteros grandes en elementos (1) "bug" y... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 61EXPL: 0CVE-2010-2757
https://notcve.org/view.php?id=CVE-2010-2757
13 Aug 2010 — The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. La funcionalidad sudo de Bugzilla v2.22rc1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 no envía apropiadamente notificaciones de suplantación, lo que facilita a usuarios remotos autenticados el suplant... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 100EXPL: 0CVE-2010-2758
https://notcve.org/view.php?id=CVE-2010-2758
13 Aug 2010 — Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, genera mensajes de error diferentes dependiendo de si un producto existe, lo que facilita a atacantes remoto... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 78EXPL: 0CVE-2010-2756
https://notcve.org/view.php?id=CVE-2010-2756
13 Aug 2010 — Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. Search.pm en Bugzilla v2.19.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 permite a atacantes remotos determinar la pertenencia a grupos de usuarios de su elección a través de vectores de ataque q... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2010-2470
https://notcve.org/view.php?id=CVE-2010-2470
28 Jun 2010 — Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. Install/Filesystem.pm en Bugzilla v3.5.1 hasta v3.6.1 y v3.7 hasta v3.7.1, cuando está activado use_suexec, usa permisos world-readable dentro de (1) .bzr/ y (2) data/webdot/, lo que permit... • https://bugzilla.mozilla.org/show_bug.cgi?id=561797 • CWE-264: Permissions, Privileges, and Access Controls •