Filtered by vendor Redhat
Subscriptions
Filtered by product Powertools
Subscriptions
Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0803 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | ||||
| CVE-2002-0809 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | ||||
| CVE-2002-0810 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | ||||
| CVE-2002-0822 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-08-08 | N/A |
| Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | ||||
| CVE-2002-0811 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | ||||
| CVE-2002-0838 | 4 Ggv, Ghostview, Gv and 1 more | 6 Ggv, Ghostview, Gv and 3 more | 2024-08-08 | N/A |
| Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. | ||||
| CVE-2002-0805 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | ||||
| CVE-2002-0804 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | ||||
| CVE-2002-0834 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-08-08 | N/A |
| Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | ||||
| CVE-2002-0806 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | ||||
| CVE-2002-0855 | 2 Gnu, Redhat | 5 Mailman, Enterprise Linux, Linux and 2 more | 2024-08-08 | N/A |
| Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | ||||
| CVE-2002-0808 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | ||||
| CVE-2002-0821 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-08-08 | N/A |
| Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | ||||
| CVE-2002-0807 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
| Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | ||||
| CVE-2002-0687 | 2 Redhat, Zope | 2 Powertools, Zope | 2024-08-08 | N/A |
| The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. | ||||
| CVE-2002-0688 | 2 Redhat, Zope | 2 Powertools, Zope | 2024-08-08 | N/A |
| ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. | ||||
| CVE-2002-0403 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-08-08 | N/A |
| DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. | ||||
| CVE-2002-0353 | 2 Ethereal Group, Redhat | 3 Ethereal, Linux, Powertools | 2024-08-08 | N/A |
| The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields. | ||||
| CVE-2002-0404 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-08-08 | N/A |
| Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). | ||||
| CVE-2002-0402 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2024-08-08 | N/A |
| Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. | ||||