CVSS: 5.0EPSS: 0%CPEs: 100EXPL: 0CVE-2010-2758
https://notcve.org/view.php?id=CVE-2010-2758
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, genera mensajes de error diferentes dependiendo de si un producto existe, lo que facilita a atacantes remotos el adivinar nombres de producto a través de un uso sin especificar de las páginas (1) "Reports" o (2) "Duplicates". • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 2%CPEs: 78EXPL: 0CVE-2010-2756
https://notcve.org/view.php?id=CVE-2010-2756
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. Search.pm en Bugzilla v2.19.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 permite a atacantes remotos determinar la pertenencia a grupos de usuarios de su elección a través de vectores de ataque que involucran el interfaz de búsqueda, "boolean charts" y "group-based pronouns". • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 61EXPL: 0CVE-2010-2757
https://notcve.org/view.php?id=CVE-2010-2757
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. La funcionalidad sudo de Bugzilla v2.22rc1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 no envía apropiadamente notificaciones de suplantación, lo que facilita a usuarios remotos autenticados el suplantar a otros usuarios sin una exploración. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-310: Cryptographic Issues •
CVSS: 4.0EPSS: 1%CPEs: 52EXPL: 0CVE-2010-2759
https://notcve.org/view.php?id=CVE-2010-2759
Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, cuando se utiliza PostgreSQL, no maneja apropiadamente enteros grandes en elementos (1) "bug" y (2) "attachment", lo que permite a usuarios autenticados remotos provocar una denegación de servicio (invisibilidad de bug) a través de un comentario modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 85EXPL: 0CVE-2009-3989
https://notcve.org/view.php?id=CVE-2009-3989
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. Bugzilla anteriores a v3.0.11, v3.2.x anteriores a v3.2.6, v3.4.x anteriores a v3.4.5, y v3.5.x anteriores a v3.5.3 no bloquea el acceso a ficheros y directorios que son utilizados en instalaciones personalizadas, lo que permite a atacantes remotos conseguir información sensible a través de peticiones para (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. • http://secunia.com/advisories/38443 http://www.securityfocus.com/archive/1/509282/100/0/threaded http://www.securityfocus.com/bid/38025 http://www.vupen.com/english/advisories/2010/0261 https://bugzilla.mozilla.org/show_bug.cgi?id=314871 https://bugzilla.mozilla.org/show_bug.cgi?id=434801 https://exchange.xforce.ibmcloud.com/vulnerabilities/56003 • CWE-264: Permissions, Privileges, and Access Controls •