Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-0949 | 5.0 |
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler re
|
09-02-2024 - 00:17 | 09-06-2009 - 17:30 | |
CVE-2009-1386 | 5.0 |
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
|
07-02-2024 - 18:03 | 04-06-2009 - 16:30 | |
CVE-2009-1387 | 5.0 |
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a
|
07-02-2024 - 18:01 | 04-06-2009 - 16:30 | |
CVE-2009-0749 | 9.3 |
Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the r
|
02-02-2024 - 16:03 | 02-03-2009 - 20:30 | |
CVE-2008-6123 | 5.0 |
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restric
|
12-01-2024 - 20:41 | 12-02-2009 - 16:30 | |
CVE-2008-5515 | 5.0 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to b
|
13-02-2023 - 02:19 | 16-06-2009 - 21:00 | |
CVE-2009-1179 | 6.8 |
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
|
13-02-2023 - 02:19 | 23-04-2009 - 17:30 | |
CVE-2009-0781 | 4.3 |
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary
|
13-02-2023 - 02:19 | 09-03-2009 - 21:30 | |
CVE-2009-0580 | 4.3 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel
|
13-02-2023 - 02:19 | 05-06-2009 - 16:00 | |
CVE-2009-0791 | 6.8 |
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute a
|
13-02-2023 - 02:19 | 09-06-2009 - 17:30 | |
CVE-2009-1181 | 4.3 |
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
|
13-02-2023 - 02:19 | 23-04-2009 - 17:30 | |
CVE-2009-0800 | 6.8 |
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
|
13-02-2023 - 02:19 | 23-04-2009 - 17:30 | |
CVE-2009-0033 | 5.0 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with i
|
13-02-2023 - 01:17 | 05-06-2009 - 16:00 | |
CVE-2009-1194 | 6.8 |
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string th
|
13-02-2023 - 01:17 | 11-05-2009 - 15:30 | |
CVE-2009-1183 | 4.3 |
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
|
13-02-2023 - 01:17 | 23-04-2009 - 17:30 | |
CVE-2009-0783 | 4.6 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)
|
13-02-2023 - 01:17 | 05-06-2009 - 16:00 | |
CVE-2009-0165 | 10.0 |
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
|
06-03-2019 - 16:30 | 23-04-2009 - 19:30 | |
CVE-2009-0147 | 4.3 |
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg,
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2009-1180 | 6.8 |
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2009-0799 | 4.3 |
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2009-0166 | 4.3 |
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2009-1182 | 7.5 |
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2009-0146 | 4.3 |
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2009-0198 | 9.3 |
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corrupt
|
11-10-2018 - 21:00 | 11-06-2009 - 15:30 | |
CVE-2009-1855 | 9.3 |
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U
|
10-10-2018 - 19:38 | 11-06-2009 - 15:30 | |
CVE-2009-1882 | 9.3 |
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buf
|
10-10-2018 - 19:38 | 02-06-2009 - 15:30 | |
CVE-2009-1857 | 9.3 |
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document
|
10-10-2018 - 19:38 | 11-06-2009 - 15:30 | |
CVE-2009-0755 | 5.0 |
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
|
10-10-2018 - 19:30 | 03-03-2009 - 16:30 | |
CVE-2009-0756 | 5.0 |
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and tri
|
10-10-2018 - 19:30 | 03-03-2009 - 16:30 | |
CVE-2009-1391 | 6.8 |
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a c
|
03-10-2018 - 22:00 | 16-06-2009 - 23:30 | |
CVE-2009-1271 | 5.0 |
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
|
03-10-2018 - 21:59 | 08-04-2009 - 18:30 | |
CVE-2009-1632 | 5.0 |
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
CVE-2009-1574 | 5.0 |
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
|
29-09-2017 - 01:34 | 06-05-2009 - 17:30 | |
CVE-2009-1341 | 5.0 |
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.
|
29-09-2017 - 01:34 | 30-04-2009 - 20:30 | |
CVE-2009-0663 | 7.5 |
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to
|
29-09-2017 - 01:33 | 30-04-2009 - 20:30 | |
CVE-2009-1572 | 5.0 |
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
|
17-08-2017 - 01:30 | 06-05-2009 - 17:30 | |
CVE-2009-1959 | 5.0 |
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underfl
|
17-08-2017 - 01:30 | 08-06-2009 - 01:00 | |
CVE-2009-1858 | 9.3 |
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory
|
17-08-2017 - 01:30 | 11-06-2009 - 15:30 | |
CVE-2009-1856 | 9.3 |
Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file co
|
17-08-2017 - 01:30 | 11-06-2009 - 15:30 | |
CVE-2009-1438 | 7.5 |
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted
|
17-08-2017 - 01:30 | 27-04-2009 - 18:00 | |
CVE-2009-0509 | 9.3 |
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file
|
08-08-2017 - 01:33 | 11-06-2009 - 15:30 | |
CVE-2009-1861 | 9.3 |
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of se
|
04-05-2010 - 05:43 | 11-06-2009 - 15:30 | |
CVE-2009-1859 | 9.3 |
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
|
04-05-2010 - 05:43 | 11-06-2009 - 15:30 | |
CVE-2009-0511 | 9.3 |
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecifi
|
04-05-2010 - 05:40 | 11-06-2009 - 15:30 | |
CVE-2009-0510 | 9.3 |
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecifi
|
04-05-2010 - 05:40 | 11-06-2009 - 15:30 | |
CVE-2009-0512 | 9.3 |
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecifi
|
04-05-2010 - 05:40 | 11-06-2009 - 15:30 | |
CVE-2009-1957 | 5.0 |
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_
|
14-10-2009 - 05:24 | 08-06-2009 - 01:00 | |
CVE-2009-1958 | 5.0 |
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic
|
14-10-2009 - 05:24 | 08-06-2009 - 01:00 | |
CVE-2009-1272 | 5.0 |
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during ex
|
16-09-2009 - 05:30 | 08-04-2009 - 18:30 | |
CVE-2009-1648 | 7.5 |
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network serv
|
06-07-2009 - 04:00 | 05-07-2009 - 16:30 |