Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-0152 | 5.0 |
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffi
|
14-02-2024 - 15:19 | 13-05-2009 - 15:30 | |
CVE-2009-0040 | 6.8 |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr
|
09-02-2024 - 03:25 | 22-02-2009 - 22:30 | |
CVE-2009-0846 | 10.0 |
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code
|
09-02-2024 - 03:21 | 09-04-2009 - 00:30 | |
CVE-2008-2939 | 4.3 |
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we
|
19-01-2024 - 15:13 | 06-08-2008 - 18:41 | |
CVE-2008-2383 | 9.3 |
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related
|
27-07-2023 - 05:15 | 02-01-2009 - 18:11 | |
CVE-2008-4309 | 5.0 |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK req
|
13-02-2023 - 02:19 | 31-10-2008 - 20:29 | |
CVE-2008-3651 | 4.0 |
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
|
13-02-2023 - 02:19 | 13-08-2008 - 01:41 | |
CVE-2008-3529 | 10.0 |
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
|
13-02-2023 - 02:19 | 12-09-2008 - 16:56 | |
CVE-2008-3652 | 7.8 |
src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
|
13-02-2023 - 02:19 | 13-08-2008 - 01:41 | |
CVE-2007-2754 | 6.8 |
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overf
|
13-02-2023 - 02:17 | 17-05-2007 - 22:30 | |
CVE-2008-0456 | 2.6 |
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject
|
21-09-2022 - 19:08 | 25-01-2008 - 01:00 | |
CVE-2008-2371 | 7.5 |
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins
|
01-08-2022 - 15:54 | 07-07-2008 - 23:41 | |
CVE-2009-0946 | 7.5 |
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
|
05-04-2021 - 19:25 | 17-04-2009 - 00:30 | |
CVE-2009-0844 | 5.8 |
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that tri
|
21-01-2020 - 15:45 | 09-04-2009 - 00:30 | |
CVE-2009-0845 | 5.0 |
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via in
|
21-01-2020 - 15:45 | 27-03-2009 - 16:30 | |
CVE-2008-2829 | 5.0 |
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c lega
|
09-10-2019 - 22:55 | 23-06-2008 - 20:41 | |
CVE-2009-0165 | 10.0 |
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
|
06-03-2019 - 16:30 | 23-04-2009 - 19:30 | |
CVE-2009-0147 | 4.3 |
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg,
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2009-0146 | 4.3 |
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (
|
06-03-2019 - 16:30 | 23-04-2009 - 17:30 | |
CVE-2006-0747 | 5.0 |
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of val
|
19-10-2018 - 15:46 | 23-05-2006 - 10:06 | |
CVE-2004-1186 | 5.0 |
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
|
19-10-2018 - 15:30 | 31-12-2004 - 05:00 | |
CVE-2004-1184 | 4.6 |
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
|
19-10-2018 - 15:30 | 21-01-2005 - 05:00 | |
CVE-2004-1185 | 7.5 |
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
|
19-10-2018 - 15:30 | 21-01-2005 - 05:00 | |
CVE-2009-0154 | 6.8 |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
|
11-10-2018 - 21:00 | 13-05-2009 - 15:30 | |
CVE-2009-0159 | 6.8 |
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
|
11-10-2018 - 21:00 | 14-04-2009 - 15:30 | |
CVE-2009-0164 | 6.4 |
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
|
11-10-2018 - 21:00 | 24-04-2009 - 15:30 | |
CVE-2009-0021 | 5.0 |
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for
|
11-10-2018 - 20:58 | 07-01-2009 - 17:30 | |
CVE-2009-0010 | 9.3 |
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a craf
|
11-10-2018 - 20:58 | 13-05-2009 - 15:30 | |
CVE-2009-0025 | 6.8 |
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulne
|
11-10-2018 - 20:58 | 07-01-2009 - 17:30 | |
CVE-2008-5557 | 10.0 |
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is n
|
11-10-2018 - 20:56 | 23-12-2008 - 18:30 | |
CVE-2008-5077 | 5.8 |
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
|
11-10-2018 - 20:53 | 07-01-2009 - 17:30 | |
CVE-2008-3863 | 7.6 |
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a
|
11-10-2018 - 20:50 | 23-10-2008 - 22:00 | |
CVE-2008-3659 | 6.4 |
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
CVE-2008-3658 | 7.5 |
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Mi
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
CVE-2008-3657 | 7.5 |
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by
|
11-10-2018 - 20:49 | 13-08-2008 - 01:41 | |
CVE-2008-3660 | 5.0 |
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. Overview contains a t
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
CVE-2008-3656 | 7.8 |
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows con
|
11-10-2018 - 20:48 | 13-08-2008 - 01:41 | |
CVE-2008-3655 | 7.5 |
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended
|
11-10-2018 - 20:48 | 13-08-2008 - 01:41 | |
CVE-2008-2666 | 5.0 |
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to
|
11-10-2018 - 20:42 | 20-06-2008 - 01:41 | |
CVE-2008-2665 | 5.0 |
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after
|
11-10-2018 - 20:42 | 20-06-2008 - 01:41 | |
CVE-2008-1382 | 7.5 |
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which
|
11-10-2018 - 20:32 | 14-04-2008 - 16:05 | |
CVE-2009-0945 | 9.3 |
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other pr
|
10-10-2018 - 19:32 | 13-05-2009 - 17:30 | |
CVE-2009-0847 | 4.3 |
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, rela
|
10-10-2018 - 19:32 | 09-04-2009 - 00:30 | |
CVE-2008-3790 | 5.0 |
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
|
03-10-2018 - 21:55 | 27-08-2008 - 20:41 | |
CVE-2008-3443 | 5.0 |
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to
|
03-10-2018 - 21:55 | 14-08-2008 - 23:41 | |
CVE-2009-0114 | 5.8 |
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0148 | 9.3 |
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because
|
29-09-2017 - 01:33 | 05-05-2009 - 17:30 | |
CVE-2009-0153 | 4.3 |
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems,
|
29-09-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0519 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0520 | 9.3 |
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0942 | 6.8 |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invoca
|
17-08-2017 - 01:30 | 13-05-2009 - 15:30 | |
CVE-2009-0943 | 6.8 |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript fi
|
17-08-2017 - 01:30 | 13-05-2009 - 15:30 | |
CVE-2009-0156 | 4.3 |
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0149 | 4.4 |
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0155 | 6.8 |
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0162 | 4.3 |
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0150 | 4.4 |
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0157 | 6.8 |
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0144 | 4.3 |
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP con
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0145 | 6.8 |
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafte
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2009-0161 | 6.4 |
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked cer
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2008-3530 | 7.1 |
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a den
|
08-08-2017 - 01:31 | 05-09-2008 - 16:08 | |
CVE-2008-1517 | 7.2 |
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.
|
08-08-2017 - 01:30 | 13-05-2009 - 15:30 | |
CVE-2009-0158 | 6.8 |
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
|
23-08-2016 - 01:59 | 13-05-2009 - 15:30 | |
CVE-2009-0944 | 6.8 |
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application
|
16-05-2009 - 05:30 | 13-05-2009 - 15:30 | |
CVE-2009-0160 | 6.8 |
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
|
16-05-2009 - 05:29 | 13-05-2009 - 15:30 |