Max CVSS | 7.5 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-3231 | 6.8 |
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
|
13-02-2024 - 17:41 | 17-09-2009 - 10:30 | |
CVE-2009-2906 | 4.0 |
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
|
13-02-2023 - 02:20 | 07-10-2009 - 18:30 | |
CVE-2009-2687 | 4.3 |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
|
19-01-2023 - 16:38 | 05-08-2009 - 19:30 | |
CVE-2009-2948 | 1.9 |
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain t
|
31-10-2022 - 15:03 | 07-10-2009 - 18:30 | |
CVE-2009-2625 | 5.0 |
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
|
13-05-2022 - 14:44 | 06-08-2009 - 15:30 | |
CVE-2009-3009 | 4.3 |
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
|
08-08-2019 - 14:43 | 08-09-2009 - 18:30 | |
CVE-2009-3086 | 5.0 |
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple a
|
08-08-2019 - 14:38 | 08-09-2009 - 18:30 | |
CVE-2009-3293 | 7.5 |
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2009-3291 | 7.5 |
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2009-3292 | 7.5 |
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2008-5349 | 7.1 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
|
11-10-2018 - 20:54 | 05-12-2008 - 11:30 | |
CVE-2009-3230 | 6.5 |
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZAT
|
10-10-2018 - 19:43 | 17-09-2009 - 10:30 | |
CVE-2009-3229 | 4.0 |
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
|
10-10-2018 - 19:43 | 17-09-2009 - 10:30 | |
CVE-2009-2813 | 6.0 |
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle error
|
10-10-2018 - 19:42 | 14-09-2009 - 16:30 | |
CVE-2009-3618 | 4.3 |
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party in
|
13-08-2018 - 21:47 | 10-11-2009 - 02:30 | |
CVE-2009-3619 | 5.0 |
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
|
13-08-2018 - 21:47 | 10-11-2009 - 02:30 | |
CVE-2009-2905 | 4.6 |
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
|
19-09-2017 - 01:29 | 29-09-2009 - 19:30 | |
CVE-2009-3697 | 7.5 |
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
|
17-08-2017 - 01:31 | 16-10-2009 - 16:30 | |
CVE-2009-3696 | 4.3 |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
|
17-08-2017 - 01:31 | 16-10-2009 - 16:30 |