Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-18 | CVE-2007-6283 | Information Exposure vulnerability in multiple products Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | 4.9 |
| 2007-10-19 | CVE-2007-5594 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack. | 4.3 |
| 2007-10-19 | CVE-2007-5593 | Code Injection vulnerability in multiple products install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | 6.8 |
| 2007-07-27 | CVE-2007-4045 | The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. | 5.0 |
| 2007-07-15 | CVE-2007-3103 | Link Following vulnerability in multiple products The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. | 6.2 |