CVSS: 4.0EPSS: 1%CPEs: 52EXPL: 0CVE-2010-2759
https://notcve.org/view.php?id=CVE-2010-2759
Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, cuando se utiliza PostgreSQL, no maneja apropiadamente enteros grandes en elementos (1) "bug" y (2) "attachment", lo que permite a usuarios autenticados remotos provocar una denegación de servicio (invisibilidad de bug) a través de un comentario modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0CVE-2010-1204
https://notcve.org/view.php?id=CVE-2010-1204
Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." Search.pm en Bugzilla v2.17.1 hasta v3.2.6, v3.3.1 hasta v3.4.6, v3.5.1 hasta v3.6, y v3.7 permite a atacante remotos obtener potencialmente información sensible del tiempo de seguimiento a través de una búsqueda de URL manipulada, relacionado con "boolean chart search." • http://secunia.com/advisories/40300 http://www.bugzilla.org/security/3.2.6 http://www.securityfocus.com/bid/41141 http://www.vupen.com/english/advisories/2010/1595 https://bugzilla.mozilla.org/show_bug.cgi?id=309952 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3387
https://notcve.org/view.php?id=CVE-2009-3387
Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances. Bugzilla desde v3.3.1 hasta v3.4.4, v3.5.1, y v3.5.2 no permite que se mantengan las restricciones de grupo durante el proceso de traslado de un bug a otra categoría de producto, lo que permite a atacantes remotos conseguir información sensible a través de una petición para un bug en determinadas circunstancias. • http://secunia.com/advisories/38443 http://www.securityfocus.com/archive/1/509282/100/0/threaded http://www.securityfocus.com/bid/38026 http://www.vupen.com/english/advisories/2010/0261 https://bugzilla.mozilla.org/show_bug.cgi?id=532493 https://exchange.xforce.ibmcloud.com/vulnerabilities/56004 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 85EXPL: 0CVE-2009-3989
https://notcve.org/view.php?id=CVE-2009-3989
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. Bugzilla anteriores a v3.0.11, v3.2.x anteriores a v3.2.6, v3.4.x anteriores a v3.4.5, y v3.5.x anteriores a v3.5.3 no bloquea el acceso a ficheros y directorios que son utilizados en instalaciones personalizadas, lo que permite a atacantes remotos conseguir información sensible a través de peticiones para (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. • http://secunia.com/advisories/38443 http://www.securityfocus.com/archive/1/509282/100/0/threaded http://www.securityfocus.com/bid/38025 http://www.vupen.com/english/advisories/2010/0261 https://bugzilla.mozilla.org/show_bug.cgi?id=314871 https://bugzilla.mozilla.org/show_bug.cgi?id=434801 https://exchange.xforce.ibmcloud.com/vulnerabilities/56003 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3386
https://notcve.org/view.php?id=CVE-2009-3386
Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug. El fichero Template.pm en Bugzilla v3.3.2 hasta la v3.4.3 y v3.5 hasta la v3.5.1 permite descubrir a atacantes remotos el alias de un bug privado al leer los campos (1) "Depends On" o (2) "Blocks" de un bug relacionado. • http://osvdb.org/60271 http://secunia.com/advisories/37423 http://www.bugzilla.org/security/3.4.3 http://www.securityfocus.com/bid/37062 http://www.vupen.com/english/advisories/2009/3288 https://bugzilla.mozilla.org/show_bug.cgi?id=529416 https://exchange.xforce.ibmcloud.com/vulnerabilities/54332 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •