CVE-2009-0115
- EPSS 0.49%
- Veröffentlicht 30.03.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:17
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket ...
CVE-2009-0040
- EPSS 4.83%
- Veröffentlicht 22.02.2009 22:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:08
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr...
CVE-2009-0385
- EPSS 6.66%
- Veröffentlicht 02.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:55
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL p...
CVE-2009-0314
- EPSS 0.62%
- Veröffentlicht 28.01.2009 11:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:44
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
CVE-2008-5983
- EPSS 0.51%
- Veröffentlicht 28.01.2009 02:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:21
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local us...
CVE-2008-5021
- EPSS 3.63%
- Veröffentlicht 13.11.2008 11:30:01
- Zuletzt bearbeitet 16.06.2026 22:58:58
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying pr...
CVE-2008-4989
- EPSS 1.88%
- Veröffentlicht 13.11.2008 01:00:01
- Zuletzt bearbeitet 16.06.2026 22:58:53
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers t...
CVE-2008-4577
- EPSS 2.33%
- Veröffentlicht 15.10.2008 20:08:02
- Zuletzt bearbeitet 16.06.2026 22:58:06
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
- EPSS 2.41%
- Veröffentlicht 11.09.2008 01:13:47
- Zuletzt bearbeitet 16.06.2026 22:56:55
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because ...
CVE-2008-3282
- EPSS 10.76%
- Veröffentlicht 29.08.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:32
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly exec...