Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMozillaCVE-2014-8630
HistoryFeb 01, 2015 - 3:59 p.m.

CVE-2014-8630

2015-02-0115:59:04
CWE-77
mozilla
web.nvd.nist.gov
38
bugzilla
cve-2014-8630
command execution
remote code execution
information security

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

72.1%

JSON

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

Affected configurations

Nvd
Node
mozillabugzillaRange4.0.16
OR
mozillabugzillaMatch4.1
OR
mozillabugzillaMatch4.1.1
OR
mozillabugzillaMatch4.1.2
OR
mozillabugzillaMatch4.1.3
OR
mozillabugzillaMatch4.2
OR
mozillabugzillaMatch4.2rc1
OR
mozillabugzillaMatch4.2rc2
OR
mozillabugzillaMatch4.2.1
OR
mozillabugzillaMatch4.2.2
OR
mozillabugzillaMatch4.2.3
OR
mozillabugzillaMatch4.2.4
OR
mozillabugzillaMatch4.2.5
OR
mozillabugzillaMatch4.2.6
OR
mozillabugzillaMatch4.2.7
OR
mozillabugzillaMatch4.2.8
OR
mozillabugzillaMatch4.2.9
OR
mozillabugzillaMatch4.2.10
OR
mozillabugzillaMatch4.2.11
OR
mozillabugzillaMatch4.3
OR
mozillabugzillaMatch4.3.1
OR
mozillabugzillaMatch4.3.2
OR
mozillabugzillaMatch4.3.3
OR
mozillabugzillaMatch4.4
OR
mozillabugzillaMatch4.4rc1
OR
mozillabugzillaMatch4.4rc2
OR
mozillabugzillaMatch4.4.1
OR
mozillabugzillaMatch4.4.2
OR
mozillabugzillaMatch4.4.3
OR
mozillabugzillaMatch4.4.4
OR
mozillabugzillaMatch4.4.5
OR
mozillabugzillaMatch4.4.6
OR
mozillabugzillaMatch4.5
OR
mozillabugzillaMatch4.5.1
OR
mozillabugzillaMatch4.5.2
OR
mozillabugzillaMatch4.5.3
OR
mozillabugzillaMatch4.5.4
OR
mozillabugzillaMatch4.5.5
OR
mozillabugzillaMatch4.5.6
Node
fedoraprojectfedoraMatch20
OR
fedoraprojectfedoraMatch21
VendorProductVersionCPE
mozillabugzilla*cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*
mozillabugzilla4.1cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*
mozillabugzilla4.1.1cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*
mozillabugzilla4.1.2cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*
mozillabugzilla4.1.3cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*
mozillabugzilla4.2cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*
mozillabugzilla4.2cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*
mozillabugzilla4.2cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*
mozillabugzilla4.2.1cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*
mozillabugzilla4.2.2cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 411

Related

mageia 1
nessus 6
ubuntucve 1
cvelist 1
securityvulns 2
prion 1
openvas 3
freebsd 1
nvd 1
fedora 2
gentoo 1
mageia
mageia
Updated bugzilla packages fix CVE-2014-8630
2015-01-31 16:23:52
nessus
nessus
Mandriva Linux Security Advisory : bugzilla (MDVSA-2015:030)
2015-02-06 00:00:00
FreeBSD : Bugzilla multiple security issues (dc2d76df-a595-11e4-9363-20cf30e32f6d)
2015-01-27 00:00:00
Fedora 21 : bugzilla-4.4.8-1.fc21.1 (2015-1713)
2015-02-16 00:00:00
ubuntucve
ubuntucve
CVE-2014-8630
2015-02-01 00:00:00
cvelist
cvelist
CVE-2014-8630
2015-02-01 15:00:00
securityvulns
securityvulns
[ MDVSA-2015:030 ] bugzilla
2015-02-23 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-02-23 00:00:00
prion
prion
Design/Logic Flaw
2015-02-01 15:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0048)
2022-01-28 00:00:00
Fedora Update for bugzilla FEDORA-2015-1713
2015-02-15 00:00:00
Fedora Update for bugzilla FEDORA-2015-1699
2015-02-15 00:00:00
freebsd
freebsd
Bugzilla multiple security issues
2015-01-21 00:00:00
nvd
nvd
CVE-2014-8630
2015-02-01 15:59:04
fedora
fedora
[SECURITY] Fedora 21 Update: bugzilla-4.4.8-1.fc21.1
2015-02-15 03:24:32
[SECURITY] Fedora 20 Update: bugzilla-4.2.13-1.fc20
2015-02-15 03:25:05
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2016-07-20 00:00:00

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

72.1%

JSON
Related for CVE-2014-8630
mageia1nessus6ubuntucve1cvelist1securityvulns2prion1openvas3freebsd1nvd1fedora2gentoo1