Search Results (79 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0128 6 Conectiva, Debian, Freebsd and 3 more 8 Linux, Debian Linux, Freebsd and 5 more 2026-04-16 N/A
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
CVE-2001-0440 4 Conectiva, Licq, Mandrakesoft and 1 more 5 Linux, Licq, Mandrake Linux and 2 more 2026-04-16 N/A
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
CVE-2002-0807 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
CVE-2002-0811 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
CVE-2001-0869 3 Caldera, Redhat, Suse 6 Openlinux Eserver, Openlinux Workstation, Linux and 3 more 2026-04-16 N/A
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
CVE-2001-0884 2 Gnu, Redhat 4 Mailman, Linux, Powertools and 1 more 2026-04-16 N/A
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
CVE-2001-0887 2 Oliver Rauch, Redhat 3 Xsane, Linux, Powertools 2026-04-16 N/A
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
CVE-2001-0890 2 Redhat, Sane 3 Linux, Powertools, Sane 2026-04-16 N/A
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.
CVE-2002-0838 4 Ggv, Ghostview, Gv and 1 more 6 Ggv, Ghostview, Gv and 3 more 2026-04-16 N/A
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
CVE-2002-0855 2 Gnu, Redhat 5 Mailman, Enterprise Linux, Linux and 2 more 2026-04-16 N/A
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
CVE-2001-1227 2 Redhat, Zope 3 Linux, Powertools, Zope 2026-04-16 N/A
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
CVE-2001-1229 3 Icecast, Libshout, Redhat 3 Icecast, Libshout, Powertools 2026-04-16 N/A
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
CVE-2001-1230 2 Icecast, Redhat 2 Icecast, Powertools 2026-04-16 N/A
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
CVE-2001-1402 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
CVE-2001-1404 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
CVE-2001-1405 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
CVE-2001-1407 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
CVE-2002-0010 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.
CVE-2002-0059 2 Redhat, Zlib 3 Linux, Powertools, Zlib 2026-04-16 9.8 Critical
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVE-2002-0989 2 Redhat, Rob Flynn 4 Enterprise Linux, Linux, Powertools and 1 more 2026-04-16 N/A
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.