Max CVSS 10.0 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-1195 4.9
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Opti
15-02-2024 - 18:54 28-05-2009 - 20:30
CVE-2009-0023 4.3
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2)
02-02-2024 - 16:32 08-06-2009 - 01:00
CVE-2009-2416 4.3
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
02-02-2024 - 16:04 11-08-2009 - 18:30
CVE-2009-1955 5.0
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via
02-02-2024 - 14:11 08-06-2009 - 01:00
CVE-2009-1956 6.4
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
03-03-2023 - 18:45 08-06-2009 - 01:00
CVE-2009-2409 5.1
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificat
13-02-2023 - 02:20 30-07-2009 - 19:30
CVE-2009-1890 7.1
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al
13-02-2023 - 02:20 05-07-2009 - 16:30
CVE-2009-1891 7.1
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
13-02-2023 - 02:20 10-07-2009 - 15:30
CVE-2009-1191 5.0
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
13-02-2023 - 02:19 23-04-2009 - 17:30
CVE-2007-5707 7.1
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
13-02-2023 - 02:18 30-10-2007 - 19:46
CVE-2009-2412 10.0
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
13-02-2023 - 01:17 06-08-2009 - 15:30
CVE-2009-2414 4.3
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related
13-02-2023 - 01:17 11-08-2009 - 18:30
CVE-2009-3767 4.3
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-
14-10-2020 - 17:13 23-10-2009 - 19:30
CVE-2009-3293 7.5
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2009-3291 7.5
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2009-3292 7.5
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2009-2202 9.3
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
30-10-2018 - 16:25 10-09-2009 - 21:30
CVE-2009-2203 9.3
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
30-10-2018 - 16:25 10-09-2009 - 21:30
CVE-2009-2798 9.3
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
30-10-2018 - 16:25 10-09-2009 - 21:30
CVE-2009-2799 9.3
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.
30-10-2018 - 16:25 10-09-2009 - 21:30
CVE-2008-0658 4.0
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
15-10-2018 - 22:02 13-02-2008 - 21:00
CVE-2007-6698 4.0
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerabilit
15-10-2018 - 21:56 01-02-2008 - 22:00
CVE-2008-5161 2.6
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server f
11-10-2018 - 20:54 19-11-2008 - 17:30
CVE-2009-2666 6.4
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted cert
10-10-2018 - 19:41 07-08-2009 - 19:00
CVE-2009-2285 4.3
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
03-10-2018 - 22:00 01-07-2009 - 13:00
CVE-2009-1632 5.0
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x
29-09-2017 - 01:34 14-05-2009 - 17:30
CVE-2009-1574 5.0
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
29-09-2017 - 01:34 06-05-2009 - 17:30
CVE-2009-3111 5.0
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.
19-09-2017 - 01:29 09-09-2009 - 18:30
CVE-2009-2411 8.5
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger
19-09-2017 - 01:29 07-08-2009 - 19:30
CVE-2009-2837 6.8
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
19-09-2017 - 01:29 10-11-2009 - 19:30
CVE-2009-2820 4.3
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTT
19-09-2017 - 01:29 10-11-2009 - 19:30
CVE-2009-3235 7.5
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via
19-09-2017 - 01:29 17-09-2009 - 10:30
CVE-2009-2839 6.8
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Per: http://support.apple.com/kb/HT3937 "This issue does no
19-12-2009 - 06:57 10-11-2009 - 19:30
CVE-2009-2823 4.3
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
24-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2832 5.1
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related t
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2009-2838 6.8
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2009-2840 4.9
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2009-2833 7.5
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Pe
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2009-2836 6.2
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. Per:
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2009-2835 4.6
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2009-2819 9.3
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. Per: http://support.apple.com/kb/HT3937 "These issues do not affect
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2808 5.4
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spo
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2829 5.0
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, rel
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2827 6.8
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. Per: http://support.appl
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2810 6.8
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trig
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2825 4.3
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL ser
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2826 6.8
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2831 5.8
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2830 6.8
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2818 5.0
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). Per: http://suppor
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2824 6.8
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. Per: http://support.apple.com/kb/HT3937 "These issues do not affect Mac OS
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2828 7.5
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2834 4.9
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
17-11-2009 - 05:00 10-11-2009 - 19:30
Back to Top Mark selected
Back to Top