Total: 206558 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2824 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | |||||
CVE-2009-2825 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 4.3 MEDIUM | N/A |
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2009-2826 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | |||||
CVE-2009-2827 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | |||||
CVE-2009-2828 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 7.5 HIGH | N/A |
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2009-11-17 | 5.0 MEDIUM | N/A |
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | |||||
CVE-2009-2830 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515. | |||||
CVE-2009-2831 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 5.8 MEDIUM | N/A |
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." | |||||
CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 4.9 MEDIUM | N/A |
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||||
CVE-2008-4826 | | | 2009-11-16 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3853. Reason: This candidate is a duplicate of CVE-2009-3853. Notes: All CVE users should reference CVE-2009-3853 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2009-3299 | 1 Mahara | 1 Mahara | 2009-11-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3937 | 1 Sun | 1 Opensolaris | 2009-11-16 | 4.9 MEDIUM | N/A |
Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary data." | |||||
CVE-2009-1515 | 1 Christos Zoulas | 1 File | 2009-11-13 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3932 | 1 Google | 1 Chrome | 2009-11-13 | 9.3 HIGH | N/A |
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." | |||||
CVE-2005-4604 | 1 Jean-jacques Sarton | 1 Mtink | 2009-11-12 | 10.0 HIGH | N/A |
Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable. | |||||
CVE-2005-4636 | 1 Openoffice | 1 Openoffice | 2009-11-12 | 4.6 MEDIUM | N/A |
OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. | |||||
CVE-2009-0306 | 2 Ibm, Rim | 2 Lotus Notes Intellisync, Blackberry Desktop Software | 2009-11-12 | 9.3 HIGH | N/A |
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3921 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Smartqueue Og | 2009-11-10 | 4.0 MEDIUM | N/A |
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. | |||||
CVE-2009-3610 | | | 2009-11-10 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3695. Reason: This candidate is a duplicate of CVE-2009-3695. Notes: All CVE users should reference CVE-2009-3695 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2009-3912 | 1 Tftgallery | 1 Tftgallery | 2009-11-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter. |