Filtered by vendor Redhat Subscriptions
Filtered by product Powertools Subscriptions
Total 79 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0384 2 Redhat, Rob Flynn 4 Enterprise Linux, Linux, Powertools and 1 more 2024-08-08 N/A
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.
CVE-2002-0388 2 Gnu, Redhat 5 Mailman, Enterprise Linux, Linux and 2 more 2024-08-08 N/A
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
CVE-2002-0401 3 Debian, Ethereal, Redhat 4 Debian Linux, Ethereal, Linux and 1 more 2024-08-08 7.5 High
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
CVE-2002-0184 3 Debian, Redhat, Sudo Project 4 Debian Linux, Linux, Powertools and 1 more 2024-08-08 7.8 High
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
CVE-2002-0177 2 Icecast, Redhat 2 Icecast, Powertools 2024-08-08 N/A
Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client.
CVE-2002-0170 2 Redhat, Zope 2 Powertools, Zope 2024-08-08 N/A
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
CVE-2002-0165 2 Logwatch, Redhat 3 Logwatch, Linux, Powertools 2024-08-08 N/A
LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162.
CVE-2002-0166 2 Redhat, Stephen Turner 2 Powertools, Analog 2024-08-08 N/A
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
CVE-2002-0162 2 Logwatch, Redhat 3 Logwatch, Linux, Powertools 2024-08-08 N/A
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.
CVE-2002-0011 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.
CVE-2002-0063 2 Easy Software Products, Redhat 2 Cups, Powertools 2024-08-08 N/A
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
CVE-2002-0010 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.
CVE-2002-0059 2 Redhat, Zlib 3 Linux, Powertools, Zlib 2024-08-08 9.8 Critical
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVE-2002-0013 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2024-08-08 N/A
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2002-0007 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
CVE-2002-0043 2 Redhat, Todd Miller 3 Linux, Powertools, Sudo 2024-08-08 N/A
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
CVE-2002-0009 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.
CVE-2002-0012 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2024-08-08 N/A
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2002-0008 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.