Total
299239 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4899 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| pixelpost 1.7.1 has SQL injection | |||||
| CVE-2009-4267 | 1 Apache | 1 Juddi | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. | |||||
| CVE-2009-4123 | 1 Jruby | 1 Jruby-openssl | 2024-11-21 | N/A | 7.5 HIGH |
| The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | |||||
| CVE-2009-4067 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. | |||||
| CVE-2009-4011 | 1 Dtc-xen Project | 1 Dtc-xen | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console. | |||||
| CVE-2009-3887 | 1 Ytnef Project | 1 Ytnef | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ytnef has directory traversal | |||||
| CVE-2009-3724 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. | |||||
| CVE-2009-3723 | 2 Debian, Sangoma | 2 Debian Linux, Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| asterisk allows calls on prohibited networks | |||||
| CVE-2009-3721 | 2 Gnome, Ytnef Project | 2 Evolution, Ytnef | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | |||||
| CVE-2009-3614 | 2 Debian, Noping | 2 Debian Linux, Liboping | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. | |||||
| CVE-2009-3552 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-11-21 | 2.9 LOW | 3.1 LOW |
| In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | |||||
| CVE-2009-2802 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | |||||
| CVE-2009-20001 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. | |||||
| CVE-2009-1120 | 1 Dell | 1 Emc Replistor | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker. | |||||
| CVE-2009-10004 | 1 Sandbox Theme Project | 1 Sandbox Theme | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability. | |||||
| CVE-2009-10003 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The patch is identified as be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability. | |||||
| CVE-2009-10002 | 1 Fittr Flickr Project | 1 Fittr Flickr | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability. | |||||
| CVE-2009-10001 | 1 Cool-php-captcha Project | 1 Cool-php-captcha | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296. | |||||
| CVE-2009-0948 | 1 Apple | 1 Files | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. | |||||
| CVE-2009-0947 | 1 Apple | 1 Files | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. | |||||