Bugzilla@3.5.1 Security Vulnerabilities and Issues — Bugzilla@3.5.1 CVE List

Lucene search

MozillaBugzilla3.5.1

9 matches found

CVE•added 2010/02/03 7:30 p.m.•52 views

CVE-2009-3989

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t...

4.3CVSS6.1AI score0.00651EPSS

CVE•added 2010/06/28 5:30 p.m.•52 views

CVE-2010-2470

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerabil...

1.9CVSS5.8AI score0.00053EPSS

CVE•added 2010/06/28 5:30 p.m.•50 views

CVE-2010-1204

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."

5CVSS5.8AI score0.00472EPSS

CVE•added 2010/02/03 7:30 p.m.•48 views

CVE-2009-3387

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.

5CVSS5.9AI score0.00651EPSS

CVE•added 2010/08/16 3:14 p.m.•45 views

CVE-2010-2756

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

5CVSS6.4AI score0.00838EPSS

CVE•added 2010/06/28 5:30 p.m.•44 views

CVE-2010-0180

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

1.9CVSS6.1AI score0.00053EPSS

CVE•added 2010/08/16 3:14 p.m.•41 views

CVE-2010-2758

Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.

5CVSS6.4AI score0.00723EPSS

CVE•added 2010/08/16 3:14 p.m.•39 views

CVE-2010-2757

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

6.5CVSS6AI score0.01236EPSS

CVE•added 2010/08/16 3:14 p.m.•38 views

CVE-2010-2759

Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a craft...

4CVSS6AI score0.01641EPSS