
CVSS: 4.0 • EPSS: 1% • CPEs: 52 • EXPL: 0

Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment.

References:
• http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
• http://secunia.com/advisories/40892
• http://secunia.com/advisories/41128
• http://www.bugzilla.org/security/3.2.7
• http://www.securityfocus.com/bid/42275
• http://www.vupen.com/english/advisories/2010/2035
• http://www.vupen.com/english/advisories/2010/220

CWE-189: Numeric Errors

CVSS: 5.0 • EPSS: 0% • CPEs: 44 • EXPL: 0

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."

References:
• http://secunia.com/advisories/40300
• http://www.bugzilla.org/security/3.2.6
• http://www.securityfocus.com/bid/41141
• http://www.vupen.com/english/advisories/2010/1595
• https://bugzilla.mozilla.org/show_bug.cgi?id=309952

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 • EPSS: 0% • CPEs: 85 • EXPL: 0

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

References:
• http://secunia.com/advisories/38443
• http://www.securityfocus.com/archive/1/509282/100/0/threaded
• http://www.securityfocus.com/bid/38025
• http://www.vupen.com/english/advisories/2010/0261
• https://bugzilla.mozilla.org/show_bug.cgi?id=314871
• https://bugzilla.mozilla.org/show_bug.cgi?id=434801
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56003

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.0 • EPSS: 0% • CPEs: 64 • EXPL: 0

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

References:
• http://secunia.com/advisories/32501
• http://secunia.com/advisories/34361
• http://www.bugzilla.org/security/2.20.6
• http://www.securityfocus.com/bid/32178
• https://bugzilla.mozilla.org/show_bug.cgi?id=449931
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46424
• https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html
• https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 3.5 • EPSS: 0% • CPEs: 76 • EXPL: 0

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.

References:
• http://secunia.com/advisories/34361
• http://www.bugzilla.org/security/2.22.6
• http://www.securityfocus.com/bid/33580
• https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html
• https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')