Vulnerabilities > Fedoraproject > Fedora > 8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-03 | CVE-2022-41862 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. | 3.7 |
| 2021-02-06 | CVE-2020-14312 | Unspecified vulnerability in Fedoraproject Fedora A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. network fedoraproject | 4.3 |
| 2008-11-13 | CVE-2008-4989 | Improper Certificate Validation vulnerability in multiple products The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | 5.9 |
| 2008-10-15 | CVE-2008-4577 | Incorrect Authorization vulnerability in multiple products The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | 7.5 |
| 2008-09-11 | CVE-2008-3969 | Permissions, Privileges, and Access Controls vulnerability in Bitlbee Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | 5.0 |
| 2008-08-29 | CVE-2008-3282 | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | 7.8 |
| 2008-07-27 | CVE-2008-2951 | Open Redirect vulnerability in multiple products Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | 6.1 |
| 2008-07-18 | CVE-2008-3223 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields." | 7.5 |
| 2008-07-18 | CVE-2008-3222 | Session Fixation vulnerability in multiple products Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. | 5.8 |
| 2008-07-18 | CVE-2008-3221 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. | 4.3 |