Lucene search
+L

15 matches found

CVE
CVE
added 2011/01/28 3:0 p.m.93 views

CVE-2010-4567

CVE-2010-4567 affects Bugzilla: whitespace before javascript: or data: in the URL field allows XSS. Affected versions per description: Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2. Public notices across multiple advisories confirm the issue and provide ...

4.3CVSS5.6AI score0.01785EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.82 views

CVE-2011-2379

CVE-2011-2379 is a cross-site scripting issue in Bugzilla related to viewing patches in Raw Unified mode . The vulnerability arises because an alternate host used for attachments when viewing them in raw format is also used for patches, and it is exploited when users use Internet Explorer < 9 ...

4.3CVSS5.4AI score0.01669EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.80 views

CVE-2011-2977

Bugzilla 3.6.x (up to 3.6.5), 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows fail to delete temporary files created for uploaded attachments, allowing local users to read sensitive data. Root cause: regression in 3.6. Additionally, the vulnerability is limited to Windows builds as s...

2.1CVSS5.5AI score0.0029EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.78 views

CVE-2011-2380

CVE-2011-2380 affects Bugzilla and allows remote attackers to determine the existence of private group names by crafting parameters during bug creation or editing. Affected versions include Bugzilla 2.23.3–2.22.7, 3.0.x–3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4....

5CVSS6.2AI score0.01766EPSS
CVE
CVE
added 2011/01/28 3:0 p.m.75 views

CVE-2010-4572

CVE-2010-4572 is a CRLF/header injection vulnerability in Bugzilla that can be triggered via the query string to inject HTTP headers and enable HTTP response splitting. Debian’s security advisory DSA-2322-1 explicitly lists this CVE among vulnerabilities in Bugzilla and notes that the issue was f...

4.3CVSS8.9AI score0.018EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.75 views

CVE-2011-2979

Technical details for CVE-2011-2979 are not publicly available in the provided connected documents; monitor for updates. The materials reference the CVE but do not supply affected products, root cause, or fixes.

5CVSS6.2AI score0.02065EPSS
CVE
CVE
added 2011/01/28 3:0 p.m.74 views

CVE-2010-4569

CVE-2010-4569 is an XSS vulnerability in Bugzilla affecting versions 3.7.1, 3.7.2, 3.7.3, and 4.0rc1. The issue arises in Bugzilla’s user account real name field, related to the YUI AutoComplete widget, allowing remote attackers to inject arbitrary script/HTML. The connected records confirm the B...

4.3CVSS5.5AI score0.01724EPSS
CVE
CVE
added 2011/01/28 3:0 p.m.72 views

CVE-2010-4568

CVE-2010-4568 affects Bugzilla 2.14–2.22.7; 3.0.x–3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2, where cookies/tokens were generated with an insufficient number of srand calls, allowing remote attackers to gain access to arbitrary Bugzilla accounts via unsp...

7.5CVSS6.7AI score0.02531EPSS
CVE
CVE
added 2011/01/28 3:0 p.m.71 views

CVE-2011-0046

CVE-2011-0046 affects Bugzilla prior to 3.2.10, 3.4.x prior to 3.4.10, 3.6.x prior to 3.6.4, and 4.0.x prior to 4.0rc2, enabling CSRF to hijack user authentication for actions such as adding saved searches, voting, sanity checks, charting, column changes, and quips. Public sources in the connecte...

6.8CVSS7.2AI score0.01136EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.70 views

CVE-2011-2381

Summary: CVE-2011-2381 is a CRLF injection vulnerability in Bugzilla that allows remote attackers to inject arbitrary email headers via an attachment description in a flagmail notification. The initial description lists affected versions: Bugzilla 2.17.1–2.22.7, 3.0.x–3.3.x, 3.4.x before 3.4.12, ...

4.3CVSS6.7AI score0.01518EPSS
CVE
CVE
added 2011/01/28 3:0 p.m.69 views

CVE-2011-0048

CVE-2011-0048 affects Bugzilla: the URL field (bug_file_loc) can contain javascript: or data: URIs. The issue allows cross-site scripting against logged-out users when the URI is crafted in certain Bugzilla versions (3.2.x up to 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, 4.0.x before 4.0rc2...

4.3CVSS5.5AI score0.01785EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.65 views

CVE-2008-7292

Technical details for CVE-2008-7292 are not publicly provided in the supplied documents. Monitor for updates; the Bugzilla local-file disclosure described in the initial entry is not elaborated here.

2.1CVSS5.6AI score0.00384EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.64 views

CVE-2011-2978

Bugzilla CVE-2011-2978: The vulnerability arises because Bugzilla does not prevent changes to the confirmation email address (old_email) when a user initiates an email change, allowing an attacker with access to another user’s session (e.g., an unattended workstation) to redirect the change notif...

5CVSS6.6AI score0.01713EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.62 views

CVE-2011-2976

Bugzilla (Bugzilla) XSS vulnerability CVE-2011-2976 affects Bugzilla 2.16rc1–2.22.7, 3.0.x–3.3.x, and 3.4.x before 3.4.12. The issue allows remote attackers to inject arbitrary web script or HTML via vectors involving the BUGLIST cookie. No remediation details are provided in the connected docume...

4.3CVSS5.5AI score0.01446EPSS
CVE
CVE
added 2011/01/28 3:0 p.m.57 views

CVE-2010-4570

CVE-2010-4570 is an XSS vulnerability in Bugzilla’s duplicate-detection feature (Bugzilla 3.7.1/3.7.2/3.7.3/4.0rc1) where the summary field can be exploited via the DataTable widget in YUI to inject arbitrary script/HTML. Connected documents confirm the CVE is referenced among Bugzilla-related ad...

4.3CVSS5.6AI score0.01739EPSS