Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2008-10-15 CVE-2008-4577 Incorrect Authorization vulnerability in multiple products
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7.5
2008-09-11 CVE-2008-3969 Permissions, Privileges, and Access Controls vulnerability in Bitlbee
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
network
low complexity
bitlbee fedoraproject
5.0
2008-08-29 CVE-2008-3282 Incorrect Conversion between Numeric Types vulnerability in multiple products
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
local
low complexity
apache fedoraproject CWE-681
7.8
2008-08-27 CVE-2008-3281 XML Entity Expansion vulnerability in multiple products
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
6.5
2008-07-27 CVE-2008-2951 Open Redirect vulnerability in multiple products
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
network
low complexity
edgewall fedoraproject CWE-601
6.1
2008-07-18 CVE-2008-3223 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
network
low complexity
drupal fedoraproject CWE-89
7.5
2008-07-18 CVE-2008-3222 Session Fixation vulnerability in multiple products
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
5.8
2008-07-18 CVE-2008-3221 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.
4.3
2008-07-18 CVE-2008-3220 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
4.3
2008-07-18 CVE-2008-3219 Cross-Site Scripting vulnerability in multiple products
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.
4.3