| Max CVSS | 7.8 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-2699 | 5.0 |
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows rem
|
15-02-2024 - 20:46 | 13-10-2009 - 10:30 | |
| CVE-2009-4492 | 7.5 |
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify
|
01-08-2023 - 18:59 | 13-01-2010 - 20:30 | |
| CVE-2009-4141 | 7.2 |
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then cl
|
13-02-2023 - 02:20 | 19-01-2010 - 16:30 | |
| CVE-2009-4021 | 4.9 |
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption a
|
13-02-2023 - 02:20 | 25-11-2009 - 16:30 | |
| CVE-2009-4138 | 4.7 |
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified
|
13-02-2023 - 02:20 | 16-12-2009 - 19:30 | |
| CVE-2009-2910 | 2.1 |
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 p
|
13-02-2023 - 02:20 | 20-10-2009 - 17:30 | |
| CVE-2007-4567 | 7.8 |
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic)
|
13-02-2023 - 02:18 | 21-12-2007 - 00:46 | |
| CVE-2006-6304 | 7.5 |
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
|
11-10-2017 - 01:31 | 14-12-2006 - 20:28 | |
| CVE-2009-4565 | 7.5 |
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a
|
19-09-2017 - 01:29 | 04-01-2010 - 21:30 | |
| CVE-2009-4411 | 3.7 |
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or
|
17-08-2017 - 01:31 | 24-12-2009 - 16:30 |