2009 CVEs

5054 CVEs published in 2009. 28 critical, 82 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2009
CVESeverityScorePublishedSummary
CVE-2009-3616Critical9.92009-10-23Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host…
CVE-2009-0948Critical9.82021-06-02Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
CVE-2009-0947Critical9.82021-06-02Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
CVE-2009-1120Critical9.82020-01-15EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -ex…
CVE-2009-5043Critical9.82019-10-31burn allows file names to escape via mishandled quotation marks
CVE-2009-5041Critical9.82019-10-31overkill has buffer overflow via long player names that can corrupt data on the server machine
CVE-2009-3887Critical9.82019-10-29ytnef has directory traversal
CVE-2009-4899Critical9.82019-10-28pixelpost 1.7.1 has SQL injection
CVE-2009-5156Critical9.82019-06-11An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.
CVE-2009-5154Critical9.82019-02-09An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
CVE-2009-5153Critical9.82018-11-21In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthen…
CVE-2009-4013Critical9.82010-02-02Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwri…
CVE-2009-4491Critical9.82010-01-13thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly…
CVE-2009-4488Critical9.82010-01-13Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly…
CVE-2009-4581Critical9.82010-01-06Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to inclu…
CVE-2009-2512Critical9.82009-11-11The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages…
CVE-2009-3555Critical9.82009-11-09The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Serve…
CVE-2009-3421Critical9.82009-09-25login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access…
CVE-2009-1048Critical9.82009-08-14The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 befo…
CVE-2009-2494Critical9.82009-08-12The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows…