8.10

DATE	CVE	VULNERABILITY TITLE	RISK
2009-06-08	CVE-2009-1955	XML Entity Expansion vulnerability in multiple products The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. network low complexity apache apple suse debian canonical fedoraproject oracle CWE-776	7.5
2008-11-13	CVE-2008-4989	Improper Certificate Validation vulnerability in multiple products The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). network high complexity gnu fedoraproject canonical debian suse opensuse CWE-295	5.9
2008-10-15	CVE-2008-4577	Incorrect Authorization vulnerability in multiple products The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. network low complexity dovecot fedoraproject opensuse canonical CWE-863	7.5