CVSS: 5.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

05 Oct 2005 — Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2

CVSS: 7.5 | EPSS: 0% | CPEs: 15 | EXPL: 0

08 Jul 2005 — The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. • http://securitytracker.com/id?1014428

CVSS: 5.9 | EPSS: 0% | CPEs: 15 | EXPL: 0

08 Jul 2005 — Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. • http://securitytracker.com/id?1014428