CVE-2009-1185
- EPSS 81.53%
- Veröffentlicht 17.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:41
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2009-1186
- EPSS 0.54%
- Veröffentlicht 17.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:41
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
CVE-2009-0946
- EPSS 8.54%
- Veröffentlicht 17.04.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:10
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
- EPSS 8.9%
- Veröffentlicht 09.04.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:56
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code...
CVE-2009-1270
- EPSS 5.07%
- Veröffentlicht 08.04.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:54
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
CVE-2009-1242
- EPSS 0.47%
- Veröffentlicht 06.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:50
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode e...
CVE-2009-1072
- EPSS 0.43%
- Veröffentlicht 25.03.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:26
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash o...
CVE-2009-0586
- EPSS 5.52%
- Veröffentlicht 14.03.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:21
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via ...
CVE-2009-0834
- EPSS 0.44%
- Veröffentlicht 06.03.2009 11:30:02
- Zuletzt bearbeitet 16.06.2026 23:05:54
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass...
CVE-2009-0385
- EPSS 6.66%
- Veröffentlicht 02.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:55
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL p...