Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2009-10-01	CVE-2009-2904	Configuration vulnerability in Openbsd Openssh 4.3/4.8 A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. local openbsd fedoraproject redhat CWE-16	6.9
2008-08-27	CVE-2008-3281	XML Entity Expansion vulnerability in multiple products libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. network low complexity xmlsoft apple fedoraproject canonical debian redhat vmware CWE-776	6.5
2007-03-30	CVE-2007-1349	Improper Input Validation vulnerability in multiple products PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. network low complexity apache canonical redhat CWE-20	5.0