Total
2548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3877 | 3 Linux, Microsoft, Sun | 6 Linux Kernel, Windows, Jdk and 3 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | |||||
| CVE-2009-3876 | 3 Linux, Microsoft, Sun | 6 Linux Kernel, Windows, Jdk and 3 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | |||||
| CVE-2009-3798 | 1 Adobe | 2 Adobe Air, Flash Player | 2024-11-21 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | |||||
| CVE-2009-3797 | 1 Adobe | 2 Adobe Air, Flash Player | 2024-11-21 | 9.3 HIGH | N/A |
| Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | |||||
| CVE-2009-3793 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3726 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 HIGH | N/A |
| The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. | |||||
| CVE-2009-3676 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-11-21 | 7.1 HIGH | N/A |
| The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability." | |||||
| CVE-2009-3675 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-21 | 6.8 MEDIUM | N/A |
| LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability." | |||||
| CVE-2009-3674 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. | |||||
| CVE-2009-3671 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. | |||||
| CVE-2009-3615 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2024-11-21 | 5.0 MEDIUM | N/A |
| The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. | |||||
| CVE-2009-3613 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 HIGH | N/A |
| The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. | |||||
| CVE-2009-3604 | 5 Foolabs, Glyphandcog, Gnome and 2 more | 5 Xpdf, Xpdfreader, Gpdf and 2 more | 2024-11-21 | 9.3 HIGH | N/A |
| The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. | |||||
| CVE-2009-3470 | 1 Ibm | 1 Informix Dynamic Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection. | |||||
| CVE-2009-3466 | 1 Adobe | 1 Shockwave Player | 2024-11-21 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3460 | 1 Adobe | 1 Acrobat | 2024-11-21 | 9.3 HIGH | N/A |
| Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-3388 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-11-21 | 9.3 HIGH | N/A |
| liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | |||||
| CVE-2009-3371 | 1 Mozilla | 1 Firefox | 2024-11-21 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | |||||
| CVE-2009-3290 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | N/A |
| The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses." | |||||
| CVE-2009-3272 | 1 Apple | 1 Safari | 2024-11-21 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. | |||||