Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-41862 |
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. Published: March 03, 2023; 11:15:09 AM -0500 |
V3.1: 3.7 LOW V2.0:(not available) |
CVE-2020-14312 |
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Published: February 05, 2021; 7:15:12 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2008-5021 |
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. Published: November 13, 2008; 6:30:01 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-4989 |
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). Published: November 12, 2008; 8:00:01 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2008-4577 |
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. Published: October 15, 2008; 4:08:02 PM -0400 |
V3.1: 7.5 HIGH V2.0: 6.4 MEDIUM |
CVE-2008-3969 |
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. Published: September 10, 2008; 9:13:47 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-3282 |
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. Published: August 29, 2008; 2:41:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2008-2951 |
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. Published: July 27, 2008; 6:41:00 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2008-3218 |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. Published: July 18, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-3219 |
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. Published: July 18, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-3220 |
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." Published: July 18, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-3221 |
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. Published: July 18, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-3222 |
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. Published: July 18, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2008-3223 |
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields." Published: July 18, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-2371 |
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. Published: July 07, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-2374 |
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. Published: July 07, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-2364 |
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. Published: June 13, 2008; 2:41:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-2575 |
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. Published: June 06, 2008; 6:32:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-2108 |
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. Published: May 07, 2008; 5:20:00 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2008-0599 |
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. Published: May 05, 2008; 1:20:00 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |