Filtered by vendor Redhat
Subscriptions
Filtered by product Powertools
Subscriptions
Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0162 | 2 Logwatch, Redhat | 3 Logwatch, Linux, Powertools | 2025-04-03 | N/A |
| LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | ||||
| CVE-2002-0165 | 2 Logwatch, Redhat | 3 Logwatch, Linux, Powertools | 2025-04-03 | N/A |
| LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162. | ||||
| CVE-2002-0166 | 2 Redhat, Stephen Turner | 2 Powertools, Analog | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display. | ||||
| CVE-2002-0170 | 2 Redhat, Zope | 2 Powertools, Zope | 2025-04-03 | N/A |
| Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. | ||||
| CVE-2002-0177 | 2 Icecast, Redhat | 2 Icecast, Powertools | 2025-04-03 | N/A |
| Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. | ||||
| CVE-2002-0384 | 2 Redhat, Rob Flynn | 4 Enterprise Linux, Linux, Powertools and 1 more | 2025-04-03 | N/A |
| Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. | ||||
| CVE-2002-0403 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2025-04-03 | N/A |
| DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. | ||||
| CVE-2002-0687 | 2 Redhat, Zope | 2 Powertools, Zope | 2025-04-03 | N/A |
| The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. | ||||
| CVE-2002-0803 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | ||||
| CVE-2002-0806 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | ||||
| CVE-2002-0808 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | ||||
| CVE-2002-0810 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | ||||
| CVE-2002-0811 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | ||||
| CVE-2002-0821 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2025-04-03 | N/A |
| Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | ||||
| CVE-2002-0059 | 2 Redhat, Zlib | 3 Linux, Powertools, Zlib | 2025-04-03 | 9.8 Critical |
| The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. | ||||
| CVE-2001-0128 | 6 Conectiva, Debian, Freebsd and 3 more | 8 Linux, Debian Linux, Freebsd and 5 more | 2025-04-03 | N/A |
| Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. | ||||
| CVE-2001-0279 | 3 Debian, Mandrakesoft, Redhat | 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | N/A |
| Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. | ||||
| CVE-2001-0439 | 5 Conectiva, Freebsd, Licq and 2 more | 7 Linux, Freebsd, Licq and 4 more | 2025-04-03 | N/A |
| licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
| CVE-2001-0440 | 4 Conectiva, Licq, Mandrakesoft and 1 more | 5 Linux, Licq, Mandrake Linux and 2 more | 2025-04-03 | N/A |
| Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. | ||||
| CVE-2002-0809 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | ||||