CVE-2009-1837
- EPSS 4.33%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:09
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading,...
CVE-2009-1955
- EPSS 52.99%
- Veröffentlicht 08.06.2009 01:00:00
- Zuletzt bearbeitet 16.06.2026 23:08:25
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via ...
- EPSS 13.74%
- Veröffentlicht 03.06.2009 17:00:00
- Zuletzt bearbeitet 16.06.2026 23:08:19
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
CVE-2009-1903
- EPSS 3.03%
- Veröffentlicht 03.06.2009 17:00:00
- Zuletzt bearbeitet 16.06.2026 23:08:19
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
CVE-2009-1603
- EPSS 1.09%
- Veröffentlicht 11.05.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:37
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to b...
CVE-2009-1185
- EPSS 81.53%
- Veröffentlicht 17.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:41
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2009-1186
- EPSS 0.54%
- Veröffentlicht 17.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:41
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
- EPSS 8.9%
- Veröffentlicht 09.04.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:56
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code...
CVE-2009-1242
- EPSS 0.47%
- Veröffentlicht 06.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:50
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode e...
CVE-2008-6552
- EPSS 0.39%
- Veröffentlicht 30.03.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:02:26
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and ...