Search Results (365367 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0653 1 Openssl 1 Openssl 2026-04-23 N/A
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
CVE-2009-0654 1 Tor 1 Tor 2026-04-23 N/A
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."
CVE-2009-0656 1 Asus 1 Smartlogon 2026-04-23 N/A
Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.
CVE-2009-0657 1 Toshiba 1 Face Recognition 2026-04-23 N/A
Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user.
CVE-2009-0658 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 7.8 High
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
CVE-2009-0659 1 Tptest 1 Tptest 2026-04-23 N/A
Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0660 1 Mahara 1 Mahara 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
CVE-2009-0661 1 Flashtux 1 Weechat 2026-04-23 N/A
Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.
CVE-2009-0662 1 Plone 2 Plone, Plonepas 2026-04-23 N/A
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
CVE-2009-0664 1 Mahara 1 Mahara 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.
CVE-2009-0667 1 Ocsinventory-ng 2 Ocs Inventory Ng, Ocsinventory-agent 2026-04-23 N/A
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.
CVE-2009-0668 1 Zope 1 Zodb 2026-04-23 N/A
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
CVE-2009-0669 1 Zope 1 Zodb 2026-04-23 N/A
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
CVE-2009-0672 1 Ravenphpscripts 1 Ravennuke 2026-04-23 N/A
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
CVE-2009-0673 1 Ravenphpscripts 1 Ravennuke 2026-04-23 N/A
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
CVE-2009-0674 1 Ravenphpscripts 1 Ravennuke 2026-04-23 N/A
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.
CVE-2009-0675 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
CVE-2009-0676 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
CVE-2009-0677 1 Ravenphpscripts 1 Ravennuke 2026-04-23 N/A
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.
CVE-2009-0678 1 Ravenphpscripts 1 Ravennuke 2026-04-23 N/A
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.