Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-19 | CVE-2007-5594 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack. | 4.3 |
| 2007-10-19 | CVE-2007-5593 | Code Injection vulnerability in multiple products install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | 6.8 |
| 2007-07-27 | CVE-2007-4045 | The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. | 5.0 |
| 2007-05-02 | CVE-2007-1320 | Out-Of-Bounds Write vulnerability in multiple products Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. | 7.2 |
| 2007-01-30 | CVE-2007-0455 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. | 7.5 |