Max CVSS 10.0 Min CVSS 1.9 Total Count698
IDCVSSSummaryLast (major) updatePublished
CVE-2008-1232 4.3
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
15-03-2017 - 21:59 03-08-2008 - 21:41
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
19-02-2017 - 00:21 08-07-2008 - 19:41
CVE-2007-6199 9.3
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
06-01-2017 - 21:59 01-12-2007 - 01:46
CVE-2005-2491 7.5
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, whic
15-12-2016 - 21:59 23-08-2005 - 00:00
CVE-2009-1632 5.0
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x
07-12-2016 - 22:01 14-05-2009 - 13:30
CVE-2009-1574 5.0
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
07-12-2016 - 22:01 06-05-2009 - 13:30
CVE-2009-1185 7.2
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
07-12-2016 - 22:01 17-04-2009 - 10:30
CVE-2009-0115 7.2
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket
07-12-2016 - 22:01 30-03-2009 - 12:30
CVE-2008-2937 1.9
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account nam
07-12-2016 - 22:01 18-08-2008 - 15:41
CVE-2008-2235 4.9
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
07-12-2016 - 22:00 01-08-2008 - 10:41
CVE-2007-6067 6.8
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of se
07-12-2016 - 22:00 09-01-2008 - 16:46
CVE-2007-4772 4.0
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted reg
07-12-2016 - 22:00 09-01-2008 - 16:46
CVE-2007-0010 2.1
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
07-12-2016 - 22:00 24-01-2007 - 14:28
CVE-2004-0989 10.0
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy
07-12-2016 - 21:59 01-03-2005 - 00:00
CVE-2008-3522 10.0
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
06-12-2016 - 21:59 02-10-2008 - 14:18
CVE-2008-3520 9.3
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
06-12-2016 - 21:59 02-10-2008 - 14:18
CVE-2008-0122 10.0
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code
06-12-2016 - 21:59 15-01-2008 - 21:00
CVE-2008-1423 9.3
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its
08-11-2016 - 13:07 16-05-2008 - 08:54
CVE-2008-1420 6.8
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
08-11-2016 - 13:04 16-05-2008 - 08:54
CVE-2008-1419 4.3
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
08-11-2016 - 12:01 16-05-2008 - 08:54
CVE-2007-5461 3.5
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write reque
24-10-2016 - 14:30 15-10-2007 - 14:17
CVE-2006-2769 5.0
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
17-10-2016 - 23:40 02-06-2006 - 06:18
CVE-2005-2992 2.1
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
17-10-2016 - 23:32 13-10-2005 - 18:02
CVE-2005-2945 2.1
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
17-10-2016 - 23:31 16-09-2005 - 17:03
CVE-2005-1686 2.6
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user,
17-10-2016 - 23:21 20-05-2005 - 00:00
CVE-2005-1127 5.0
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via f
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-0088 7.5
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
17-10-2016 - 23:07 02-05-2005 - 00:00
CVE-2005-0077 2.1
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
17-10-2016 - 23:07 02-05-2005 - 00:00
CVE-2004-1488 5.0
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
17-10-2016 - 22:55 27-04-2005 - 00:00
CVE-2004-0783 7.5
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifie
17-10-2016 - 22:48 20-10-2004 - 00:00
CVE-2004-0782 7.5
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based
17-10-2016 - 22:48 20-10-2004 - 00:00
CVE-2004-0688 7.5
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a
17-10-2016 - 22:47 20-10-2004 - 00:00
CVE-2004-0687 7.5
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
17-10-2016 - 22:47 20-10-2004 - 00:00
CVE-2004-0110 7.5
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
17-10-2016 - 22:40 15-03-2004 - 00:00
CVE-2007-6720 4.3
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attac
03-10-2016 - 21:59 20-01-2009 - 11:30
CVE-2009-2493 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,
02-09-2016 - 17:26 29-07-2009 - 13:30
CVE-2006-2191 7.5
** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
30-08-2016 - 21:59 19-09-2006 - 17:07
CVE-2009-0922 4.0
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified enco
22-08-2016 - 21:59 17-03-2009 - 13:30
CVE-2009-0789 5.0
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the
22-08-2016 - 21:59 27-03-2009 - 12:30
CVE-2009-0783 4.6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)
22-08-2016 - 21:59 05-06-2009 - 12:00
CVE-2009-0781 4.3
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary
22-08-2016 - 21:59 09-03-2009 - 17:30
CVE-2009-0591 2.6
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid bu
22-08-2016 - 21:59 27-03-2009 - 12:30
CVE-2009-0590 5.0
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid
22-08-2016 - 21:59 27-03-2009 - 12:30
CVE-2009-0580 4.3
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel
22-08-2016 - 21:59 05-06-2009 - 12:00
CVE-2009-0033 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with i
22-08-2016 - 21:59 05-06-2009 - 12:00
CVE-2008-5515 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to b
22-08-2016 - 21:59 16-06-2009 - 17:00
CVE-2008-5360 6.4
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allow
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5359 9.3
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbit
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5358 9.3
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashsc
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5357 9.3
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbi
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5356 9.3
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5354 9.3
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applicat
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5353 10.0
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows rem
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5351 7.5
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to b
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5350 5.0
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5348 7.1
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5347 7.5
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JA
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5345 7.5
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5344 7.5
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make una
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5343 9.0
Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5342 5.0
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5341 5.0
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5340 10.0
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to acces
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5339 5.0
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connecti
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5077 5.8
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
22-08-2016 - 21:59 07-01-2009 - 12:30
CVE-2008-2086 9.3
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) ja
22-08-2016 - 21:59 04-12-2008 - 21:30
CVE-2007-1858 2.6
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information o
22-08-2016 - 21:59 09-05-2007 - 20:19
CVE-2009-1046 4.7
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a sma
31-05-2016 - 11:08 23-03-2009 - 12:30
CVE-2008-2939 4.3
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we
27-05-2016 - 11:37 06-08-2008 - 14:41
CVE-2009-0025 6.8
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulne
04-04-2016 - 14:12 07-01-2009 - 12:30
CVE-2009-0696 4.3
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon ex
04-04-2016 - 11:50 29-07-2009 - 13:30
CVE-2009-1364 7.5
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
15-07-2015 - 11:04 01-05-2009 - 13:30
CVE-2007-2926 4.3
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query i
16-03-2015 - 21:59 24-07-2007 - 13:30
CVE-2009-0792 9.3
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to caus
06-01-2015 - 21:59 14-04-2009 - 12:26
CVE-2009-0196 9.3
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file wit
06-01-2015 - 21:59 16-04-2009 - 11:12
CVE-2009-0901 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Serv
13-11-2014 - 21:59 29-07-2009 - 13:30
CVE-2009-2416 4.3
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
24-10-2014 - 01:42 11-08-2009 - 14:30
CVE-2009-2414 4.3
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related
24-10-2014 - 01:42 11-08-2009 - 14:30
CVE-2009-0201 9.3
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
24-10-2014 - 01:33 02-09-2009 - 13:30
CVE-2009-0200 9.3
Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
24-10-2014 - 01:33 02-09-2009 - 13:30
CVE-2008-1483 6.9
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and
08-08-2014 - 16:41 24-03-2008 - 19:44
CVE-2007-4752 7.5
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted
</