Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-3231 | 6.8 |
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
|
13-02-2024 - 17:41 | 17-09-2009 - 10:30 | |
CVE-2009-2625 | 5.0 |
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
|
13-05-2022 - 14:44 | 06-08-2009 - 15:30 | |
CVE-2009-3767 | 4.3 |
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-
|
14-10-2020 - 17:13 | 23-10-2009 - 19:30 | |
CVE-2009-1297 | 4.4 |
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that ha
|
30-10-2018 - 16:27 | 23-10-2009 - 18:30 | |
CVE-2009-2674 | 7.5 |
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during dis
|
30-10-2018 - 16:25 | 05-08-2009 - 19:30 | |
CVE-2008-5349 | 7.1 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
|
11-10-2018 - 20:54 | 05-12-2008 - 11:30 | |
CVE-2009-3230 | 6.5 |
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZAT
|
10-10-2018 - 19:43 | 17-09-2009 - 10:30 | |
CVE-2009-3229 | 4.0 |
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
|
10-10-2018 - 19:43 | 17-09-2009 - 10:30 | |
CVE-2009-2671 | 5.0 |
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2)
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2670 | 5.0 |
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2675 | 10.0 |
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2672 | 7.5 |
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications,
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2673 | 7.5 |
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspec
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-3241 | 7.8 |
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
|
19-09-2017 - 01:29 | 18-09-2009 - 10:30 | |
CVE-2009-2632 | 4.4 |
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrar
|
19-09-2017 - 01:29 | 08-09-2009 - 23:30 | |
CVE-2009-2689 | 10.0 |
JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via a
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-3111 | 5.0 |
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.
|
19-09-2017 - 01:29 | 09-09-2009 - 18:30 | |
CVE-2009-2690 | 5.0 |
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-2476 | 10.0 |
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer res
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-3235 | 7.5 |
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via
|
19-09-2017 - 01:29 | 17-09-2009 - 10:30 | |
CVE-2009-2475 | 7.8 |
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQue
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2008-7159 | 5.8 |
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, relat
|
17-08-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3051 | 7.5 |
Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in
|
23-10-2012 - 03:10 | 10-09-2009 - 18:30 | |
CVE-2008-7160 | 5.8 |
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbi
|
23-10-2012 - 03:01 | 10-09-2009 - 21:30 | |
CVE-2009-2661 | 5.0 |
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service
|
24-11-2009 - 07:02 | 04-08-2009 - 16:30 | |
CVE-2009-3765 | 6.8 |
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se
|
29-10-2009 - 04:00 | 23-10-2009 - 19:30 |