8 matches found
Mageia: Security Advisory (MGASA-2014-0349)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Linux Security Advisory : bugzilla (MDVSA-2014:169)
Updated bugzilla packages fix security vulnerabilities : Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery CSRF attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...
Updated bugzilla packages fix a CSRF vulnerability
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery CSRF attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...
CVE-2014-1546
The CVE-2014-1546 issue affects Bugzilla’s JSONP endpoint (jsonrpc.cgi) in Bugzilla 3.x and 4.x prior to the listed fixed versions (before 4.0.14, 4.2.10 for 4.2.x, 4.4.5 for 4.3/4.4.x, and 4.5.5 for 4.5.x). The vulnerability stems from the JSONP response function in Bugzilla’s JSONRPC.pm, which ...
Fedora 19 : bugzilla-4.2.10-1.fc19 (2014-8919)
This version of bugzilla includes a security fix for CVE-2014-1546. With previous versions, an attacker can get access to some bug information using the victim's credentials using a specially crafted HTML page. Note that Tenable Network Security has extracted the preceding description block...
Fedora Update for bugzilla FEDORA-2014-8919
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for bugzilla FEDORA-2014-8920
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : bugzilla-4.2.10-1.fc20 (2014-8920)
This version of bugzilla includes a security fix for CVE-2014-1546. With previous versions, an attacker can get access to some bug information using the victim's credentials using a specially crafted HTML page. Note that Tenable Network Security has extracted the preceding description block...