Filtered by vendor Redhat
Subscriptions
Filtered by product Powertools
Subscriptions
Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1229 | 3 Icecast, Libshout, Redhat | 3 Icecast, Libshout, Powertools | 2025-04-03 | N/A |
| Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | ||||
| CVE-2001-1230 | 2 Icecast, Redhat | 2 Icecast, Powertools | 2025-04-03 | N/A |
| Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | ||||
| CVE-2001-1332 | 2 Easy Software Products, Redhat | 2 Cups, Powertools | 2025-04-03 | N/A |
| Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. | ||||
| CVE-2001-1401 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | ||||
| CVE-2002-0008 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. | ||||
| CVE-2002-0010 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges. | ||||
| CVE-2002-0043 | 2 Redhat, Todd Miller | 3 Linux, Powertools, Sudo | 2025-04-03 | N/A |
| sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. | ||||
| CVE-2002-0803 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | ||||
| CVE-2002-0804 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | ||||
| CVE-2002-0805 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | ||||
| CVE-2002-0807 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | ||||
| CVE-2002-0808 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | ||||
| CVE-2002-0809 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | ||||
| CVE-2002-0821 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2025-04-03 | N/A |
| Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | ||||
| CVE-2002-0822 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2025-04-03 | N/A |
| Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | ||||
| CVE-2002-1154 | 2 Redhat, Stephen Turner | 2 Powertools, Analog | 2025-04-03 | N/A |
| anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log. | ||||
| CVE-2002-0012 | 2 Redhat, Snmp | 3 Linux, Powertools, Snmp | 2025-04-03 | N/A |
| Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | ||||
| CVE-2001-0690 | 4 Conectiva, Debian, Redhat and 1 more | 5 Linux, Debian Linux, Linux and 2 more | 2025-04-03 | N/A |
| Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. | ||||
| CVE-2001-0889 | 2 Redhat, University Of Cambridge | 3 Linux, Powertools, Exim | 2025-04-03 | N/A |
| Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters. | ||||