LiveActive security incident?Get immediate response
CVE archive

January 2009

Browse CVE records published in January 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 363 matching CVEs · Page 4 of 8.

Unknown · CVSS Not scored

CVE-2009-4212: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MI...

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

Published Jan 13, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4003: Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute ar...

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.

Published Jan 21, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-3956: The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac...

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Published Jan 13, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-3958: Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.4...

Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.

Published Jan 13, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-3955: Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attacker...

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.

Published Jan 13, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-3556: A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterpris...

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

Published Jan 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-2624: The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too...

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

Published Jan 29, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-1120: EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability.

EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.

Published Jan 15, 2020 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0374: Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an oncl...

Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.

Published Jan 30, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0372: Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier al...

Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.

Published Jan 30, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0344: Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x...

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.

Published Jan 29, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0331: Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows...

Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.

Published Jan 29, 2009 · Updated Aug 7, 2024