2009 CVEs
5054 CVEs published in 2009. 28 critical, 82 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2009-3616 | Critical | 9.9 | 2009-10-23 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host… |
| CVE-2009-0948 | Critical | 9.8 | 2021-06-02 | Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. |
| CVE-2009-0947 | Critical | 9.8 | 2021-06-02 | Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. |
| CVE-2009-1120 | Critical | 9.8 | 2020-01-15 | EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -ex… |
| CVE-2009-5043 | Critical | 9.8 | 2019-10-31 | burn allows file names to escape via mishandled quotation marks |
| CVE-2009-5041 | Critical | 9.8 | 2019-10-31 | overkill has buffer overflow via long player names that can corrupt data on the server machine |
| CVE-2009-3887 | Critical | 9.8 | 2019-10-29 | ytnef has directory traversal |
| CVE-2009-4899 | Critical | 9.8 | 2019-10-28 | pixelpost 1.7.1 has SQL injection |
| CVE-2009-5156 | Critical | 9.8 | 2019-06-11 | An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string. |
| CVE-2009-5154 | Critical | 9.8 | 2019-02-09 | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. |
| CVE-2009-5153 | Critical | 9.8 | 2018-11-21 | In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthen… |
| CVE-2009-4013 | Critical | 9.8 | 2010-02-02 | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwri… |
| CVE-2009-4491 | Critical | 9.8 | 2010-01-13 | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly… |
| CVE-2009-4488 | Critical | 9.8 | 2010-01-13 | Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly… |
| CVE-2009-4581 | Critical | 9.8 | 2010-01-06 | Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to inclu… |
| CVE-2009-2512 | Critical | 9.8 | 2009-11-11 | The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages… |
| CVE-2009-3555 | Critical | 9.8 | 2009-11-09 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Serve… |
| CVE-2009-3421 | Critical | 9.8 | 2009-09-25 | login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access… |
| CVE-2009-1048 | Critical | 9.8 | 2009-08-14 | The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 befo… |
| CVE-2009-2494 | Critical | 9.8 | 2009-08-12 | The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows… |