Bugzilla@3.4.2 Security Vulnerabilities and Issues — Bugzilla@3.4.2 CVE List

Lucene search

MozillaBugzilla3.4.2

8 matches found

CVE•added 2010/11/05 5:0 p.m.•61 views

CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.

2.6CVSS6.5AI score0.00733EPSS

CVE•added 2010/02/03 7:30 p.m.•52 views

CVE-2009-3989

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t...

4.3CVSS6.1AI score0.00651EPSS

CVE•added 2010/06/28 5:30 p.m.•50 views

CVE-2010-1204

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."

5CVSS5.8AI score0.00472EPSS

CVE•added 2010/02/03 7:30 p.m.•48 views

CVE-2009-3387

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.

5CVSS5.9AI score0.00651EPSS

CVE•added 2010/08/16 3:14 p.m.•45 views

CVE-2010-2756

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

5CVSS6.4AI score0.00838EPSS

CVE•added 2010/08/16 3:14 p.m.•41 views

CVE-2010-2758

Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.

5CVSS6.4AI score0.00723EPSS

CVE•added 2010/08/16 3:14 p.m.•39 views

CVE-2010-2757

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

6.5CVSS6AI score0.01236EPSS

CVE•added 2010/08/16 3:14 p.m.•38 views

CVE-2010-2759

Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a craft...

4CVSS6AI score0.01641EPSS