Export limit exceeded: 367124 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367124 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2412 2 Apache, Redhat 5 Apr-util, Portable Runtime, Certificate System and 2 more 2026-04-23 N/A
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
CVE-2009-2417 3 Curl, Libcurl, Redhat 3 Libcurl, Libcurl, Enterprise Linux 2026-04-23 N/A
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-2419 1 Apple 1 Safari 2026-04-23 N/A
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.
CVE-2009-2420 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703.
CVE-2009-2421 1 Apple 1 Safari 2026-04-23 N/A
The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol.
CVE-2009-2422 2 Apple, Rubyonrails 3 Mac Os X, Mac Os X Server, Ruby On Rails 2026-04-23 9.8 Critical
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
CVE-2009-2423 1 Ebayclonescript 1 Ebay Clone 2026-04-23 N/A
SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter in a list action.
CVE-2009-2424 1 Clone2009 1 Ebay Clone 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2009-2425 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.
CVE-2009-2426 1 Tor 1 Tor 2026-04-23 N/A
The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-2427 1 Jobbr 1 Jobbr 2026-04-23 N/A
SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter.
CVE-2009-2428 1 Tauschregal.de 1 Tausch Ticket Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
CVE-2009-2429 1 Mcafee 1 Smartfilter 2026-04-23 N/A
SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2430 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors.
CVE-2009-2431 1 Wordpress 1 Wordpress 2026-04-23 N/A
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.
CVE-2009-2432 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
CVE-2009-2433 1 Microsoft 2 Ie, Internet Explorer 2026-04-23 N/A
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
CVE-2009-2434 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
CVE-2009-2435 1 Ibm 1 Lotus Instant Messaging And Web Conferencing 2026-04-23 N/A
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-2436 1 Phponlinedatingsoftware 1 Myphpdating 2026-04-23 N/A
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.