Vulnerabilities (CVE)

Total 206558 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2824 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 6.8 MEDIUM N/A
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
CVE-2009-2825 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 4.3 MEDIUM N/A
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-2826 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 6.8 MEDIUM N/A
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-2827 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 6.8 MEDIUM N/A
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
CVE-2009-2828 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 7.5 HIGH N/A
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2009-2829 1 Apple 1 Mac Os X Server 2009-11-17 5.0 MEDIUM N/A
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.
CVE-2009-2830 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 6.8 MEDIUM N/A
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
CVE-2009-2831 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 5.8 MEDIUM N/A
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
CVE-2009-2834 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 4.9 MEDIUM N/A
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
CVE-2008-4826 2009-11-16 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3853. Reason: This candidate is a duplicate of CVE-2009-3853. Notes: All CVE users should reference CVE-2009-3853 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2009-3299 1 Mahara 1 Mahara 2009-11-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3937 1 Sun 1 Opensolaris 2009-11-16 4.9 MEDIUM N/A
Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary data."
CVE-2009-1515 1 Christos Zoulas 1 File 2009-11-13 6.8 MEDIUM N/A
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
CVE-2009-3932 1 Google 1 Chrome 2009-11-13 9.3 HIGH N/A
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."
CVE-2005-4604 1 Jean-jacques Sarton 1 Mtink 2009-11-12 10.0 HIGH N/A
Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2005-4636 1 Openoffice 1 Openoffice 2009-11-12 4.6 MEDIUM N/A
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.
CVE-2009-0306 2 Ibm, Rim 2 Lotus Notes Intellisync, Blackberry Desktop Software 2009-11-12 9.3 HIGH N/A
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.
CVE-2009-3921 2 Drupal, Ezra Barnett Gildesgame 2 Drupal, Smartqueue Og 2009-11-10 4.0 MEDIUM N/A
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
CVE-2009-3610 2009-11-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3695. Reason: This candidate is a duplicate of CVE-2009-3695. Notes: All CVE users should reference CVE-2009-3695 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2009-3912 1 Tftgallery 1 Tftgallery 2009-11-09 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.