Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2014-0412
HistoryOct 09, 2014 - 6:39 p.m.

Updated bugzilla packages fix security vulnerabilities

2014-10-0918:39:32
Gentoo Foundation
advisories.mageia.org
13

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON

Updated bugzilla packages fix security vulnerabilities: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571). An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group’s regular expression setting (CVE-2014-1572). During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information (CVE-2014-1573).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchbugzilla< 4.4.6-1bugzilla-4.4.6-1.mga3
Mageia4noarchbugzilla< 4.4.6-1bugzilla-4.4.6-1.mga4

Related

nessus 9
securityvulns 3
fedora 5
freebsd 2
openvas 6
gentoo 1
ubuntucve 4
thn 1
prion 4
checkpoint_advisories 1
cve 4
debiancve 1
nessus
nessus
Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities
2014-10-06 00:00:00
Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities
2015-02-09 00:00:00
FreeBSD : Bugzilla multiple security issues (b6587341-4d88-11e4-aef9-20cf30e32f6d)
2014-10-07 00:00:00
securityvulns
securityvulns
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
2014-10-14 00:00:00
[ MDVSA-2014:200 ] bugzilla
2014-11-03 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-11-03 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: bugzilla-4.4.6-1.fc21
2014-11-01 17:10:00
[SECURITY] Fedora 20 Update: bugzilla-4.2.11-1.fc20
2014-10-22 08:51:49
[SECURITY] Fedora 19 Update: bugzilla-4.2.11-1.fc19
2014-10-22 08:50:36
freebsd
freebsd
Bugzilla multiple security issues
2014-10-06 00:00:00
ikiwiki -- multiple vulnerabilities
2016-12-19 00:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2014-12530
2014-10-23 00:00:00
Fedora Update for bugzilla FEDORA-2014-12584
2014-10-23 00:00:00
Mageia: Security Advisory (MGASA-2014-0412)
2022-01-28 00:00:00
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2016-07-20 00:00:00
ubuntucve
ubuntucve
CVE-2014-1572
2014-10-13 00:00:00
CVE-2014-1573
2014-10-13 00:00:00
CVE-2014-1571
2014-10-13 00:00:00
thn
thn
Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers
2014-10-06 22:37:00
prion
prion
Cross site scripting
2014-10-13 01:55:00
Design/Logic Flaw
2014-10-13 01:55:00
Design/Logic Flaw
2014-10-13 01:55:00
checkpoint_advisories
checkpoint_advisories
Bugzilla Privilege Escalation - Email Validation Bypass (CVE-2014-1572)
2014-10-02 00:00:00
cve
cve
CVE-2014-1572
2014-10-13 01:55:00
CVE-2014-1573
2014-10-13 01:55:00
CVE-2014-1571
2014-10-13 01:55:00
debiancve
debiancve
CVE-2016-9646
2018-04-13 15:29:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON
Related for MGASA-2014-0412
nessus9securityvulns3fedora5freebsd2openvas6gentoo1ubuntucve4thn1prion4checkpoint_advisories1cve4debiancve1