CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2009-1721 – Gentoo Linux Security Advisory 201312-07
https://notcve.org/view.php?id=CVE-2009-1721
31 Jul 2009 — The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. La implementación de la descompresión en la función Imf::hufUncompress en OpenEXR v1.2.2 y v1.6.1 permite a los atacantes dependientes del contexto provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecut... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-824: Access of Uninitialized Pointer •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2009-2472 – Mozilla multiple cross origin wrapper bypasses
https://notcve.org/view.php?id=CVE-2009-2472
22 Jul 2009 — Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." Mozilla Firefox anteriores a v3.0.12 no usa siempre XPCCrossOriginWrapper cuando es requerido durante la construcción del objeto, lo que permite a atacantes remotos eludir la "Same Origin Policy" y realizar ataques de se... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 9%CPEs: 15EXPL: 1CVE-2009-1837 – Firefox Race condition while accessing the private data of a NPObject JS wrapper class object
https://notcve.org/view.php?id=CVE-2009-1837
12 Jun 2009 — Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. Condición de carrera en la función NPObjWrapper_NewResolve en modules/plugin/base/src/nsJSNPRuntime.cpp en xul.dll en Mozilla Firefox v3 anteriores a v3.0.11 podría pe... • http://secunia.com/advisories/34241 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 33%CPEs: 13EXPL: 1CVE-2009-1955 – Apache mod_dav / svn - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1955
06 Jun 2009 — The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. El parseador XML en el interfaz apr_xml_* en xml/apr_xml.c en Apache APR-util anteriores a v1.3.7 tal y como es... • https://www.exploit-db.com/exploits/8842 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2009-1903
https://notcve.org/view.php?id=CVE-2009-1903
03 Jun 2009 — The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. La funcionalidad de protección de PDF XSS en ModSecurity anterior a v2.5.8, permite a atacantes remotos provocar una denegación de servicio (caída del httpd Apacche) a través de una petición a un archivo PDF que no emplea el método GET. • http://secunia.com/advisories/34256 •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 3CVE-2009-1902 – ModSecurity < 2.5.9 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1902
03 Jun 2009 — The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. El procesador multipart en ModSecurity anterior a v2.5.9, permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición multipart form datapost con un "part header name" perdido, lo que provoca una deferencia a puntero nulo (NULL). • https://www.exploit-db.com/exploits/8241 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-1603
https://notcve.org/view.php?id=CVE-2009-1603
11 May 2009 — src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. Vulnerabilidad en src/tools/pkcs11-tool.c en pkcs11-tool de OpenSC v0.11.7. Cuando se utiliza con modulos PKCS#11 de terceras partes sin especificar, genera claves RSA con exponentes públicos incorrectos, lo que permite a usuarios remotos leer en te... • http://secunia.com/advisories/35035 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1573
https://notcve.org/view.php?id=CVE-2009-1573
06 May 2009 — xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. xvfb-run v1.6.1 en Debian GNU/Linux, Ubuntu, Fedora 10 y posiblemente otros sistemas operativos, ubican la magic cookie (MCOOKIE) en la línea de comandos, lo que permite a usuarios locales obtener privilegios listando los procesos y sus argumentos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6755
https://notcve.org/view.php?id=CVE-2008-6755
27 Apr 2009 — ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. ZoneMinder v1.23.3 en Fedora 10 establece la propiedad de /etc/zm.conf a la cuenta de usuario de apache, y establece los permisos a 0600, lo cual facilita a los atacantes remotos la modificación de este archivo para acceder a él a través de un archivo de secuencias de... • https://bugzilla.redhat.com/show_bug.cgi?id=476529 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 3CVE-2009-1185 – Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) UDEV < 1.4.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-1185
17 Apr 2009 — udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. udev antes de v1.4.1 no verifica si un mensaje NETLINK es generado desde el espacio del kernel, lo que permite a usuarios locales obtener privilegios mediante el envio de un mensaje NETLIINK desde el espacio de usuario. • https://www.exploit-db.com/exploits/8478 • CWE-346: Origin Validation Error CWE-862: Missing Authorization •