Filtered by vendor Redhat Subscriptions
Filtered by product Powertools Subscriptions
Total 79 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2000-1211 2 Redhat, Zope 2 Powertools, Zope 2024-08-08 N/A
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
CVE-2000-1212 2 Redhat, Zope 2 Powertools, Zope 2024-08-08 N/A
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
CVE-2000-0715 3 Conectiva, Kirk Bauer, Redhat 3 Linux, Diskcheck, Powertools 2024-08-08 N/A
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2001-1377 12 Freeradius, Gnu, Icradius and 9 more 12 Freeradius, Radius, Icradius and 9 more 2024-08-08 N/A
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
CVE-2001-1405 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
CVE-2001-1406 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
CVE-2001-1401 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
CVE-2001-1403 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
CVE-2001-1404 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
CVE-2001-1407 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
CVE-2001-1402 2 Mozilla, Redhat 2 Bugzilla, Powertools 2024-08-08 N/A
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
CVE-2001-1376 13 Ascend, Freeradius, Gnu and 10 more 13 Radius, Freeradius, Radius and 10 more 2024-08-08 N/A
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
CVE-2001-1333 2 Easy Software Products, Redhat 2 Cups, Powertools 2024-08-08 N/A
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
CVE-2001-1332 2 Easy Software Products, Redhat 2 Cups, Powertools 2024-08-08 N/A
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
CVE-2001-1230 2 Icecast, Redhat 2 Icecast, Powertools 2024-08-08 N/A
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
CVE-2001-1227 2 Redhat, Zope 3 Linux, Powertools, Zope 2024-08-08 N/A
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
CVE-2001-1229 3 Icecast, Libshout, Redhat 3 Icecast, Libshout, Powertools 2024-08-08 N/A
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
CVE-2001-1083 2 Icecast, Redhat 2 Icecast, Powertools 2024-08-08 N/A
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
CVE-2001-0884 2 Gnu, Redhat 4 Mailman, Linux, Powertools and 1 more 2024-08-08 N/A
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
CVE-2001-0894 2 Redhat, Wietse Venema 2 Powertools, Postfix 2024-08-08 N/A
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.