| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-2185 | 5.0 |
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attacker
|
29-07-2019 - 14:24 | 25-06-2009 - 02:00 | |
| CVE-2009-3236 | 4.3 |
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload
|
18-06-2019 - 16:44 | 17-09-2009 - 10:30 | |
| CVE-2009-2905 | 4.6 |
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
|
19-09-2017 - 01:29 | 29-09-2009 - 19:30 | |
| CVE-2009-3474 | 7.5 |
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing
|
17-08-2017 - 01:31 | 29-09-2009 - 23:30 | |
| CVE-2002-1245 | 7.2 |
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
|
18-10-2016 - 02:25 | 12-11-2002 - 05:00 | |
| CVE-2009-2661 | 5.0 |
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service
|
24-11-2009 - 07:02 | 04-08-2009 - 16:30 | |
| CVE-2009-1957 | 5.0 |
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_
|
14-10-2009 - 05:24 | 08-06-2009 - 01:00 | |
| CVE-2009-1958 | 5.0 |
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic
|
14-10-2009 - 05:24 | 08-06-2009 - 01:00 | |
| CVE-2009-3475 | 7.5 |
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-t
|
30-09-2009 - 04:00 | 29-09-2009 - 23:30 |