| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2009-4501 |
119 |
|
DoS Overflow |
2009-12-31 |
2010-01-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword. |
|
2 |
CVE-2009-4500 |
119 |
|
DoS Overflow |
2009-12-31 |
2010-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. |
|
3 |
CVE-2009-4484 |
119 |
1
|
DoS Exec Code Overflow Mem. Corr. |
2009-12-30 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. |
|
4 |
CVE-2009-4483 |
|
|
DoS |
2009-12-30 |
2009-12-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
|
5 |
CVE-2009-4479 |
399 |
|
DoS Mem. Corr. |
2009-12-30 |
2010-01-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
|
6 |
CVE-2009-4466 |
200 |
1
|
DoS +Info |
2009-12-30 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption). |
|
7 |
CVE-2009-4463 |
255 |
|
DoS |
2009-12-30 |
2018-10-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords. |
|
8 |
CVE-2009-4448 |
399 |
|
DoS |
2009-12-29 |
2011-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors. |
|
9 |
CVE-2009-4443 |
|
|
DoS |
2009-12-28 |
2010-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. |
|
10 |
CVE-2009-4442 |
16 |
|
DoS |
2009-12-28 |
2010-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. |
|
11 |
CVE-2009-4441 |
|
|
DoS |
2009-12-28 |
2010-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. |
|
12 |
CVE-2009-4439 |
|
|
DoS |
2009-12-28 |
2010-06-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. |
|
13 |
CVE-2009-4420 |
119 |
|
DoS Overflow |
2009-12-24 |
2019-06-06 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information. |
|
14 |
CVE-2009-4418 |
189 |
|
DoS |
2009-12-24 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. |
|
15 |
CVE-2009-4413 |
189 |
1
|
DoS Overflow |
2009-12-24 |
2010-02-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault. |
|
16 |
CVE-2009-4410 |
|
|
DoS |
2009-12-24 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors. |
|
17 |
CVE-2009-4404 |
|
|
DoS |
2009-12-23 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from third party information. |
|
18 |
CVE-2009-4378 |
|
|
DoS |
2009-12-21 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." |
|
19 |
CVE-2009-4377 |
|
|
DoS |
2009-12-21 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. |
|
20 |
CVE-2009-4376 |
119 |
|
DoS Exec Code Overflow |
2009-12-21 |
2017-09-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. |
|
21 |
CVE-2009-4362 |
119 |
|
DoS Overflow +Priv |
2009-12-21 |
2009-12-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information. |
|
22 |
CVE-2009-4361 |
119 |
|
DoS Overflow +Priv |
2009-12-21 |
2009-12-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information. |
|
23 |
CVE-2009-4334 |
264 |
|
DoS |
2009-12-16 |
2010-06-29 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. |
|
24 |
CVE-2009-4332 |
|
|
DoS |
2009-12-16 |
2010-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. |
|
25 |
CVE-2009-4329 |
|
|
DoS |
2009-12-16 |
2009-12-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. |
|
26 |
CVE-2009-4328 |
|
|
DoS |
2009-12-16 |
2010-06-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. |
|
27 |
CVE-2009-4327 |
20 |
|
DoS |
2009-12-16 |
2010-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. |
|
28 |
CVE-2009-4313 |
119 |
|
DoS Exec Code Overflow |
2009-12-12 |
2017-09-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file. |
|
29 |
CVE-2009-4308 |
399 |
|
DoS |
2009-12-12 |
2018-10-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. |
|
30 |
CVE-2009-4307 |
189 |
|
DoS |
2009-12-12 |
2017-09-18 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). |
|
31 |
CVE-2009-4306 |
|
|
DoS |
2009-12-12 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131. |
|
32 |
CVE-2009-4294 |
|
|
DoS Exec Code |
2009-12-11 |
2009-12-14 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. |
|
33 |
CVE-2009-4293 |
16 |
|
DoS |
2009-12-10 |
2017-08-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets. |
|
34 |
CVE-2009-4270 |
119 |
|
DoS Exec Code Overflow |
2009-12-21 |
2015-01-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. |
|
35 |
CVE-2009-4235 |
264 |
|
DoS +Info |
2009-12-08 |
2017-08-16 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033. |
|
36 |
CVE-2009-4228 |
399 |
|
DoS |
2009-12-08 |
2011-01-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c. |
|
37 |
CVE-2009-4226 |
362 |
|
DoS |
2009-12-08 |
2017-08-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function. |
|
38 |
CVE-2009-4210 |
94 |
|
DoS Mem. Corr. |
2009-12-12 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. |
|
39 |
CVE-2009-4190 |
|
|
DoS |
2009-12-03 |
2009-12-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
|
40 |
CVE-2009-4186 |
119 |
1
|
DoS Overflow |
2009-12-03 |
2017-08-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. |
|
41 |
CVE-2009-4171 |
119 |
|
DoS Overflow |
2009-12-02 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument. |
|
42 |
CVE-2009-4144 |
310 |
|
DoS +Info |
2009-12-23 |
2017-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network. |
|
43 |
CVE-2009-4138 |
399 |
|
DoS |
2009-12-16 |
2017-09-18 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. |
|
44 |
CVE-2009-4118 |
|
1
|
DoS |
2009-11-30 |
2012-10-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. |
|
45 |
CVE-2009-4117 |
119 |
|
DoS Exec Code Overflow |
2009-11-30 |
2017-08-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information. |
|
46 |
CVE-2009-4114 |
20 |
|
DoS Mem. Corr. |
2009-11-30 |
2018-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl. |
|
47 |
CVE-2009-4108 |
119 |
|
DoS Overflow |
2009-11-29 |
2018-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command. |
|
48 |
CVE-2009-4105 |
20 |
|
DoS |
2009-11-29 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands. |
|
49 |
CVE-2009-4103 |
119 |
|
DoS Exec Code Overflow |
2009-11-29 |
2009-11-30 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
50 |
CVE-2009-4080 |
|
|
DoS |
2009-11-29 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. |
