Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-03-31 CVE-2008-1567 Cleartext Storage of Sensitive Information vulnerability in multiple products
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
5.5
2007-12-18 CVE-2007-6283 Information Exposure vulnerability in multiple products
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
local
low complexity
redhat fedoraproject oracle centos CWE-200
4.9
2007-10-19 CVE-2007-5594 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
4.3
2007-10-19 CVE-2007-5593 Code Injection vulnerability in multiple products
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
6.8
2007-07-27 CVE-2007-4045 The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
network
low complexity
apple fedoraproject
5.0
2007-07-15 CVE-2007-3103 Link Following vulnerability in multiple products
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
local
high complexity
fedoraproject redhat CWE-59
6.2