CVE-2009-1073
- EPSS 0.93%
- Veröffentlicht 31.03.2009 18:24:45
- Zuletzt bearbeitet 16.06.2026 23:06:26
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
CVE-2009-0115
- EPSS 0.49%
- Veröffentlicht 30.03.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:17
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket ...
- EPSS 6.19%
- Veröffentlicht 27.03.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:22
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid ...
CVE-2009-1151
- EPSS 95.44%
- Veröffentlicht 26.03.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:36
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVE-2009-0784
- EPSS 0.26%
- Veröffentlicht 25.03.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:48
Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.
CVE-2009-1072
- EPSS 0.43%
- Veröffentlicht 25.03.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:26
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash o...
CVE-2009-0834
- EPSS 0.44%
- Veröffentlicht 06.03.2009 11:30:02
- Zuletzt bearbeitet 16.06.2026 23:05:54
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass...
CVE-2009-0040
- EPSS 4.83%
- Veröffentlicht 22.02.2009 22:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:08
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr...
CVE-2008-6124
- EPSS 1.17%
- Veröffentlicht 13.02.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:39
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL comma...
CVE-2008-6125
- EPSS 1.5%
- Veröffentlicht 13.02.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:39
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.