22 matches found
EUVD-2009-0490
Malware in sbrugna...
EUVD-2011-2368
Malware in sbrugna...
EUVD-2010-2762
Malware in sbrugna...
EUVD-2010-4533
Malware in sbrugna...
EUVD-2006-0917
Malware in sbrugna...
EUVD-2011-0072
Malware in sbrugna...
EUVD-2003-0597
Malware in sbrugna...
EUVD-2010-3743
Malware in sbrugna...
EUVD-2004-0705
Malware in sbrugna...
EUVD-2004-1627
Malware in sbrugna...
EUVD-2009-0489
Malware in sbrugna...
EUVD-2010-2760
Malware in sbrugna...
CVE-2012-1968
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mai...
SUSE CVE-2013-1742
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter...
SUSE CVE-2014-8630
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by...
SUSE CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...
CVE-2012-0465
CVE-2012-0465 affects Bugzilla versions 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1. Root cause: improper validation of the X-Forwarded-For header when inbound_proxies is enabled, allowing bypass of the lockout policy via repeated authentication re...
CVE-2010-2758
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page...
CVE-2009-0486
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protectio...