Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1265 1 Linux 1 Linux Kernel 2026-04-23 N/A
Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.
CVE-2009-1266 1 Wireshark 1 Wireshark 2026-04-23 N/A
Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.
CVE-2009-1267 2 Microsoft, Wireshark 2 Windows, Wireshark 2026-04-23 N/A
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
CVE-2009-1268 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
CVE-2009-1269 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
CVE-2009-1270 3 Canonical, Clamav, Debian 3 Ubuntu Linux, Clamav, Debian Linux 2026-04-23 N/A
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
CVE-2009-1326 1 Mini-stream 1 Rm Downloader 2026-04-23 N/A
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2009-1271 1 Php 1 Php 2026-04-23 N/A
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
CVE-2009-1272 1 Php 1 Php 2026-04-23 N/A
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
CVE-2009-1273 1 Andrew J.korty 1 Pam Ssh 2026-04-23 N/A
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
CVE-2009-1274 1 Xine 1 Xine-lib 2026-04-23 N/A
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
CVE-2009-1275 1 Apache 2 Struts, Tiles 2026-04-23 N/A
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
CVE-2009-1276 2 Gnome, Sun 3 Gnome, Opensolaris, Solaris 2026-04-23 N/A
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
CVE-2009-1277 1 Gravityboardx 1 Gravity Board X 2026-04-23 N/A
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
CVE-2009-1278 1 Gravityboardx 1 Gravity Board X 2026-04-23 N/A
Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.
CVE-2009-1279 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
CVE-2009-1280 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2009-1281 1 Glfusion 1 Glfusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1282 1 Glfusion 1 Glfusion 2026-04-23 N/A
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
CVE-2009-1283 1 Glfusion 1 Glfusion 2026-04-23 N/A
glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.