Page 9 of 47 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 100EXPL: 0

Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, genera mensajes de error diferentes dependiendo de si un producto existe, lo que facilita a atacantes remotos el adivinar nombres de producto a través de un uso sin especificar de las páginas (1) "Reports" o (2) "Duplicates". • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 2%CPEs: 78EXPL: 0

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. Search.pm en Bugzilla v2.19.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 permite a atacantes remotos determinar la pertenencia a grupos de usuarios de su elección a través de vectores de ataque que involucran el interfaz de búsqueda, "boolean charts" y "group-based pronouns". • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 1%CPEs: 52EXPL: 0

Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, cuando se utiliza PostgreSQL, no maneja apropiadamente enteros grandes en elementos (1) "bug" y (2) "attachment", lo que permite a usuarios autenticados remotos provocar una denegación de servicio (invisibilidad de bug) a través de un comentario modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-189: Numeric Errors •

CVSS: 6.5EPSS: 0%CPEs: 61EXPL: 0

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. La funcionalidad sudo de Bugzilla v2.22rc1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 no envía apropiadamente notificaciones de suplantación, lo que facilita a usuarios remotos autenticados el suplantar a otros usuarios sin una exploración. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." Search.pm en Bugzilla v2.17.1 hasta v3.2.6, v3.3.1 hasta v3.4.6, v3.5.1 hasta v3.6, y v3.7 permite a atacante remotos obtener potencialmente información sensible del tiempo de seguimiento a través de una búsqueda de URL manipulada, relacionado con "boolean chart search." • http://secunia.com/advisories/40300 http://www.bugzilla.org/security/3.2.6 http://www.securityfocus.com/bid/41141 http://www.vupen.com/english/advisories/2010/1595 https://bugzilla.mozilla.org/show_bug.cgi?id=309952 • CWE-264: Permissions, Privileges, and Access Controls •