exploitDog

source:"ubuntu"

Count: 63 646

Columns: Vulnerability, CVSS, EPSS, Published

CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.

CVSS2: 5
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-5004

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use.

CVSS3: 6.5
EPSS: 2% (Low)
Published: more than 6 years ago

CVE-2009-4997

gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.

CVSS2: 7.2
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4996

Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.

CVSS2: 7.2
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4976

Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.

CVSS2: 4.3
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4975

Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.

CVSS2: 4.3
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4924

Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

CVSS2: 4.3
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4902

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.

CVSS2: 6.8
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4901

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

CVSS2: 2.1
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4900

pixelpost 1.7.1 has XSS

CVSS3: 6.1
EPSS: 0% (Low)
Published: more than 6 years ago

CVE-2009-4899

pixelpost 1.7.1 has SQL injection

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 6 years ago

CVE-2009-4898

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.

CVSS2: 6.8
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4897

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

CVSS2: 9.3
EPSS: 8% (Low)
Published: more than 15 years ago

CVE-2009-4896

Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.

CVSS2: 6.5
EPSS: 2% (Low)
Published: more than 15 years ago

CVE-2009-4895

Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9.

CVSS3: 4.7
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4882

Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.

CVSS2: 4.3
EPSS: 1% (Low)
Published: more than 15 years ago

CVE-2009-4881

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

CVSS2: 5
EPSS: 1% (Low)
Published: more than 15 years ago

CVE-2009-4880

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

CVSS2: 5
EPSS: 14% (Medium)
Published: more than 15 years ago

CVE-2009-4877

Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

CVSS2: 6.8
EPSS: 0% (Low)
Published: more than 15 years ago

CVE-2009-4855

SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.

CVSS2: 7.5
EPSS: 1% (Low)
Published: more than 15 years ago