cpe:/a:apple:quicktime:3 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.0.8 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.3.1.70 CVE-2009-0001 2009-01-21T15:30:00.250-05:00 2011-03-07T22:17:44.360-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T09:46:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA09-022A APPLE APPLE-SA-2009-01-21 XF quicktime-rtspurl-bo(48154) VUPEN ADV-2009-0212 BID 33385 CONFIRM http://support.apple.com/kb/HT3403 SECUNIA 33632 Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. cpe:/a:apple:quicktime:3 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.0.8 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.3.1.70 CVE-2009-0002 2009-01-21T15:30:00.267-05:00 2011-03-07T22:17:44.470-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T09:48:00.000-05:00 CERT TA09-022A APPLE APPLE-SA-2009-01-21 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-005/ VUPEN ADV-2009-0212 BID 33384 CONFIRM http://support.apple.com/kb/HT3403 SECUNIA 33632 OSVDB 51525 BUGTRAQ 20090121 ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms. cpe:/a:apple:quicktime:3 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.0.8 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.3.1.70 CVE-2009-0003 2009-01-21T15:30:00.280-05:00 2011-03-07T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T09:58:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA09-022A APPLE APPLE-SA-2009-01-21 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-006/ VUPEN ADV-2009-0212 BID 33387 CONFIRM http://support.apple.com/kb/HT3403 SECUNIA 33632 OSVDB 51526 Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure. cpe:/a:apple:quicktime:3 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.0.8 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.3.1.70 CVE-2009-0004 2009-01-21T15:30:00.297-05:00 2011-03-07T22:17:44.657-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T09:59:00.000-05:00 CERT TA09-022A CONFIRM http://support.apple.com/kb/HT3403 APPLE APPLE-SA-2009-01-21 XF quicktime-mpeg2-bo(48157) VUPEN ADV-2009-0212 SECUNIA 33632 Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file. cpe:/a:apple:quicktime:3 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.0.8 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.3.1.70 CVE-2009-0005 2009-01-21T15:30:00.327-05:00 2011-03-07T22:17:44.750-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T10:04:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA09-022A APPLE APPLE-SA-2009-01-21 XF quicktime-h263-movie-code-execution(48158) VUPEN ADV-2009-0212 BID 33386 CONFIRM http://support.apple.com/kb/HT3403 SECUNIA 33632 Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption. cpe:/a:apple:quicktime:6.5.0 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:6.0.0 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:6.0.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:6.3.0 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:6.0.2 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:6.4.0 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:6.1.1 cpe:/a:apple:quicktime:6.1.0 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:6.2.0 cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:7.3.1.70 CVE-2009-0006 2009-01-21T15:30:00.343-05:00 2012-02-29T17:42:24.347-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T10:02:00.000-05:00 CERT TA09-022A APPLE APPLE-SA-2009-01-21 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-007/ VUPEN ADV-2009-0212 BID 33388 BUGTRAQ 20090124 Re: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability CONFIRM http://support.apple.com/kb/HT3403 SECUNIA 33632 OSVDB 51529 BUGTRAQ 20090121 ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow. cpe:/a:apple:quicktime:6.5.0 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:6.0.0 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:6.0.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:6.3.0 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:6.0.2 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:6.4.0 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:6.1.1 cpe:/a:apple:quicktime:6.1.0 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:6.2.0 cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:7.3.1.70 CVE-2009-0007 2009-01-21T15:30:00.377-05:00 2012-02-29T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T10:06:00.000-05:00 CERT TA09-022A APPLE APPLE-SA-2009-01-21 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-008/ VUPEN ADV-2009-0212 BID 33390 CONFIRM http://support.apple.com/kb/HT3403 SECUNIA 33632 OSVDB 51530 Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms. cpe:/a:apple:quicktime_mpeg-2_playback_component CVE-2009-0008 2009-01-22T13:30:03.797-05:00 2011-03-07T22:17:45.000-05:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-22T13:53:00.000-05:00 ALLOWS_ADMIN_ACCESS XF quicktime-mpeg2playback-code-execution(48162) VUPEN ADV-2009-0211 SECTRACK 1021621 BID 33393 CONFIRM http://support.apple.com/kb/HT3404 SECUNIA 33642 APPLE APPLE-SA-2009-01-21 Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0009 2009-02-12T19:30:00.187-05:00 2011-03-07T22:17:45.110-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-13T09:40:00.000-05:00 ALLOWS_OTHER_ACCESS XF macosx-pixlet-codec-code-execution(48713) VUPEN ADV-2009-0422 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECTRACK 1021718 SECUNIA 33937 OSVDB 51980 APPLE APPLE-SA-2009-02-12 Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0010 2009-05-13T11:30:00.233-04:00 2009-06-04T01:24:11.703-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-05-14T08:27:00.000-04:00 CERT TA09-133A CONFIRM http://support.apple.com/kb/HT3549 APPLE APPLE-SA-2009-05-12 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-021/ MISC http://www.zerodayinitiative.com/advisories/ZDI-09-021 MISC http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php VUPEN ADV-2009-1407 VUPEN ADV-2009-1297 SECTRACK 1022209 BID 34938 BID 34926 BUGTRAQ 20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability CONFIRM http://support.apple.com/kb/HT3591 SECUNIA 35091 SECUNIA 35074 APPLE APPLE-SA-2009-06-01-1 Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0011 2009-02-12T19:30:04.827-05:00 2011-03-07T22:17:45.313-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T09:53:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 33759 APPLE APPLE-SA-2009-02-12 XF macosx-certificate-asst-file-overwrite(48715) VUPEN ADV-2009-0422 CONFIRM http://support.apple.com/kb/HT3438 SECTRACK 1021720 SECUNIA 33937 OSVDB 51979 Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0012 2009-02-12T19:30:04.843-05:00 2011-03-07T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T10:10:00.000-05:00 APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 BID 33809 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 OSVDB 51977 Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0013 2009-02-12T19:30:04.860-05:00 2011-03-07T22:17:45.500-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-02-13T09:55:00.000-05:00 APPLE APPLE-SA-2009-02-12 XF macosx-dstools-information-disclosure(48717) VUPEN ADV-2009-0422 BID 33815 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECTRACK 1021722 SECUNIA 33937 dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0014 2009-02-12T19:30:04.877-05:00 2011-03-07T22:17:45.610-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-02-13T09:57:00.000-05:00 APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 BID 33820 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0015 2009-02-12T19:30:04.907-05:00 2011-03-07T22:17:45.720-05:00 4.9 LOCAL LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-02-13T10:04:00.000-05:00 APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 BID 33821 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." cpe:/a:apple:itunes:7.1.1:-:windows cpe:/a:apple:itunes:3.0::windows cpe:/a:apple:itunes:4.0.1:-:windows cpe:/a:apple:itunes:7.7.1:-:windows cpe:/a:apple:itunes:7.4.0:-:windows cpe:/a:apple:itunes:2.0.2::windows cpe:/a:apple:itunes:7.6.2:-:windows cpe:/a:apple:itunes:4.0::windows cpe:/a:apple:itunes:5.0.1:-:windows cpe:/a:apple:itunes:7.0.2:-:windows cpe:/a:apple:itunes:4.7.1:-:windows cpe:/a:apple:itunes:7.4.3::windows cpe:/a:apple:itunes:4.9.0:-:windows cpe:/a:apple:itunes:7.4.2::windows cpe:/a:apple:itunes:5.0.0:-:windows cpe:/a:apple:itunes:7.3.2:-:windows cpe:/a:apple:itunes:4.2.0:-:windows cpe:/a:apple:itunes:4.2::windows cpe:/a:apple:itunes:7.7.1::windows cpe:/a:apple:itunes:7.3.0:-:windows cpe:/a:apple:itunes:4.9::windows cpe:/a:apple:itunes:6.0.4.2::windows cpe:/a:apple:itunes:4.7.0:-:windows cpe:/a:apple:itunes:5.0.1::windows cpe:/a:apple:itunes:4.7::windows cpe:/a:apple:itunes:6.0.4:-:windows cpe:/a:apple:itunes:4.0.0:-:windows cpe:/a:apple:itunes:7.2.0:-:windows cpe:/a:apple:itunes:4.8::windows cpe:/a:apple:itunes:7.4.2:-:windows cpe:/a:apple:itunes:4.7.1.30::windows cpe:/a:apple:itunes:6.0.1::windows cpe:/a:apple:itunes:6.0::windows cpe:/a:apple:itunes:4.2.72::windows cpe:/a:apple:itunes:6.0.2:-:windows cpe:/a:apple:itunes:6.0.5:-:windows cpe:/a:apple:itunes:7.0.2::windows cpe:/a:apple:itunes:1.1.1::windows cpe:/a:apple:itunes:7.3.1:-:windows cpe:/a:apple:itunes:7.1.0:-:windows cpe:/a:apple:itunes:6.0.4::windows cpe:/a:apple:itunes:4.1.0:-:windows cpe:/a:apple:itunes:7.5.0:-:windows cpe:/a:apple:itunes:7.4::windows cpe:/a:apple:itunes:7.3.2::windows cpe:/a:apple:itunes:7.4.1:-:windows cpe:/a:apple:itunes:4.6::windows cpe:/a:apple:itunes:3.0.1::windows cpe:/a:apple:itunes:2.0::windows cpe:/a:apple:itunes:2.0.1::windows cpe:/a:apple:itunes:1.1.2::windows cpe:/a:apple:itunes:1.0::windows cpe:/a:apple:itunes:7.0.1:-:windows cpe:/a:apple:itunes:4.7.1::windows cpe:/a:apple:itunes:7.5::windows cpe:/a:apple:itunes:2.0.3::windows cpe:/a:apple:itunes:6.0.0:-:windows cpe:/a:apple:itunes:6.0.3::windows cpe:/a:apple:itunes:8.0::windows cpe:/a:apple:itunes:7.7::windows cpe:/a:apple:itunes:7.6.0:-:windows cpe:/a:apple:itunes:6.0.3:-:windows cpe:/a:apple:itunes:7.7.0:-:windows cpe:/a:apple:itunes:4.8.0:-:windows cpe:/a:apple:itunes:6.0.5::windows cpe:/a:apple:itunes:4.5.0:-:windows cpe:/a:apple:itunes:4.6.0:-:windows cpe:/a:apple:itunes:2.0.4::windows cpe:/a:apple:itunes:4.5::windows cpe:/a:apple:itunes:7.4.1::windows cpe:/a:apple:itunes:5.0::windows cpe:/a:apple:itunes:7.6.1::windows cpe:/a:apple:itunes:6.0.1:-:windows cpe:/a:apple:itunes:7.6::windows cpe:/a:apple:itunes:7.6.1:-:windows cpe:/a:apple:itunes:6.0.2::windows cpe:/a:apple:itunes:4.0.1::windows cpe:/a:apple:itunes:4.1::windows cpe:/a:apple:itunes:7.0.0:-:windows CVE-2009-0016 2009-03-14T14:30:00.420-04:00 2010-08-21T01:29:33.417-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-03-15T08:54:00.000-04:00 CONFIRM http://support.apple.com/kb/HT3487 APPLE APPLE-SA-2009-03-11 XF itunes-daap-dos(49200) VUPEN ADV-2009-0702 BID 34094 BUGTRAQ 20090313 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability MISC http://www.fortiguardcenter.com/advisory/FGA-2009-11.html SECTRACK 1021842 SECUNIA 34254 OSVDB 52578 FULLDISC 20090312 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0017 2009-02-12T19:30:04.920-05:00 2011-03-07T22:17:45.923-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T10:12:00.000-05:00 ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 BID 33811 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0018 2009-02-12T19:30:04.937-05:00 2011-03-07T22:17:46.017-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-02-13T10:15:00.000-05:00 VUPEN ADV-2009-0422 BID 33816 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 APPLE APPLE-SA-2009-02-12 The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0019 2009-02-12T19:30:04.953-05:00 2011-03-07T22:17:46.127-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-13T10:24:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2009-0422 BID 33814 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 APPLE APPLE-SA-2009-02-12 Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0020 2009-02-12T19:30:04.967-05:00 2011-03-07T22:17:46.203-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-02-13T10:16:00.000-05:00 APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. cpe:/a:ntp:ntp:4.2.0 cpe:/a:ntp:ntp:4.2.4p3 cpe:/a:ntp:ntp:4.2.4p4 cpe:/a:ntp:ntp:4.2.2 cpe:/a:ntp:ntp:4.2.4p1 cpe:/a:ntp:ntp:4.2.4p2 CVE-2009-0021 2009-01-07T12:30:00.360-05:00 2012-10-30T23:13:02.653-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-07T14:42:00.000-05:00 CERT TA09-133A MLIST [announce] 20090108 NTP 4.2.4p6 Released VUPEN ADV-2009-1297 VUPEN ADV-2009-0042 SECTRACK 1021533 BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses REDHAT RHSA-2009:0046 MISC http://www.ocert.org/advisories/ocert-2008-016.html CONFIRM http://support.apple.com/kb/HT3549 SLACKWARE SSA:2009-014-03 SECUNIA 35074 SECUNIA 34642 SECUNIA 33648 SECUNIA 33558 SECUNIA 33406 SUSE SUSE-SR:2009:008 SUSE SUSE-SR:2009:005 APPLE APPLE-SA-2009-05-12 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:samba:samba:3.2.1 cpe:/a:samba:samba:3.2.6 cpe:/a:samba:samba:3.2.0 cpe:/a:samba:samba:3.2.2 cpe:/a:samba:samba:3.2.4 cpe:/a:samba:samba:3.2.5 cpe:/a:samba:samba:3.2.3 CVE-2009-0022 2009-01-05T15:30:02.390-05:00 2011-03-07T22:17:46.423-05:00 6.3 NETWORK MEDIUM SINGLE_INSTANCE COMPLETE NONE NONE http://nvd.nist.gov 2009-01-06T10:37:00.000-05:00 FEDORA FEDORA-2009-0268 XF samba-file-system-security-bypass(47733) VUPEN ADV-2009-0017 UBUNTU USN-702-1 SECTRACK 1021513 BID 33118 CONFIRM http://www.samba.org/samba/security/CVE-2009-0022.html MANDRIVA MDVSA-2009:042 SECUNIA 33431 SECUNIA 33392 SECUNIA 33379 OSVDB 51152 MISC http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. cpe:/a:apache:apr-util:1.1.0 cpe:/a:apache:apr-util:1.2.2 cpe:/a:apache:apr-util:0.9.2 cpe:/a:apache:apr-util:0.9.4 cpe:/a:apache:apr-util:1.1.2 cpe:/a:apache:apr-util:1.0.2 cpe:/a:apache:apr-util:0.9.1 cpe:/a:apache:apr-util:1.3.0 cpe:/a:apache:apr-util:1.2.8 cpe:/a:apache:apr-util:1.0.1 cpe:/a:apache:apr-util:1.3.4 cpe:/a:apache:apr-util:1.2.6 cpe:/a:apache:apr-util:1.3.1 cpe:/a:apache:apr-util:1.1.1 cpe:/a:apache:apr-util:1.3.3 cpe:/a:apache:apr-util:1.0 cpe:/a:apache:apr-util:1.2.7 cpe:/a:apache:apr-util:0.9.3 cpe:/a:apache:apr-util:1.2.1 cpe:/a:apache:apr-util:0.9.5 cpe:/a:apache:apr-util:1.3.2 CVE-2009-0023 2009-06-07T21:00:00.530-04:00 2013-04-17T23:04:08.510-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-06-08T12:35:00.000-04:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=503928 DEBIAN DSA-1812 FEDORA FEDORA-2009-5969 FEDORA FEDORA-2009-6261 FEDORA FEDORA-2009-6014 XF apache-aprstrmatchprecompile-dos(50964) VUPEN ADV-2009-3184 VUPEN ADV-2009-1907 UBUNTU USN-787-1 UBUNTU USN-786-1 BID 35221 BUGTRAQ 20091112 rPSA-2009-0144-1 apr-util REDHAT RHSA-2009:1108 REDHAT RHSA-2009:1107 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html MANDRIVA MDVSA-2009:131 CONFIRM http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014463 AIXAPAR PK99478 AIXAPAR PK91241 AIXAPAR PK88341 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0144 CONFIRM http://svn.apache.org/viewvc?view=rev&revision=779880 CONFIRM http://support.apple.com/kb/HT3937 SLACKWARE SSA:2009-167-02 GENTOO GLSA-200907-03 SECUNIA 37221 SECUNIA 35843 SECUNIA 35797 SECUNIA 35710 SECUNIA 35565 SECUNIA 35487 SECUNIA 35444 SECUNIA 35395 SECUNIA 35360 SECUNIA 35284 SECUNIA 34724 HP HPSBUX02612 HP HPSBUX02612 APPLE APPLE-SA-2009-11-09-1 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.20.12 CVE-2009-0024 2009-01-13T12:00:01.170-05:00 2012-03-19T00:00:00.000-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-13T14:16:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 33211 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 MLIST [oss-security] 20090112 CVE-2009-0024 kernel: local privilege escalation in sys_remap_file_pages CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commit;h=8a459e44ad837018ea5c34a9efe8eb4ad27ded26 The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. cpe:/a:isc:bind:9.2.3 cpe:/a:isc:bind:9.2.4 cpe:/a:isc:bind:8.2.2:p4 cpe:/a:isc:bind cpe:/a:isc:bind:9.2.2 cpe:/a:isc:bind:8.3.5 cpe:/a:isc:bind:8.2.7 cpe:/a:isc:bind:9.1.3 cpe:/a:isc:bind:4.9 cpe:/a:isc:bind:9.1 cpe:/a:isc:bind:9.4.0 cpe:/a:isc:bind:9.1.2 cpe:/a:isc:bind:8.3.3 cpe:/a:isc:bind:9.2.5 cpe:/a:isc:bind:8.2.2:p7 cpe:/a:isc:bind:8 cpe:/a:isc:bind:8.2.3_t9b cpe:/a:isc:bind:9.4.3 cpe:/a:isc:bind:9.4.0a3 cpe:/a:isc:bind:8.3.6 cpe:/a:isc:bind:9.2.2:p3 cpe:/a:isc:bind:9.2 cpe:/a:isc:bind:4.9.8 cpe:/a:isc:bind:8.2.3 cpe:/a:isc:bind:8.4.5 cpe:/a:isc:bind:9.4.0b4 cpe:/a:isc:bind:4.9.2 cpe:/a:isc:bind:4.9.5:p1 cpe:/a:isc:bind:9.4.2 cpe:/a:isc:bind:8.2.2:p3 cpe:/a:isc:bind:9.3.3 cpe:/a:isc:bind:9.0 cpe:/a:isc:bind:8.2 cpe:/a:isc:bind:9.4.0b1 cpe:/a:isc:bind:9.2.7 cpe:/a:isc:bind:4.9.4 cpe:/a:isc:bind:4.9.3 cpe:/a:isc:bind:9.2.0 cpe:/a:isc:bind:9.0.1 cpe:/a:isc:bind:8.3.1 cpe:/a:isc:bind:9.2.1 cpe:/a:isc:bind:9.4.0:rc1 cpe:/a:isc:bind:9.4 cpe:/a:isc:bind:9.3.5-p2-w1:windows cpe:/a:isc:bind:4.9.10 cpe:/a:isc:bind:4 cpe:/a:isc:bind:8.4.1 cpe:/a:isc:bind:9.3.2 cpe:/a:isc:bind:4.9.9 cpe:/a:isc:bind:9.4.1 cpe:/a:isc:bind:8.3.2 cpe:/a:isc:bind:8.2.3_t1a cpe:/a:isc:bind:9.4.0a5 cpe:/a:isc:bind:9.3.0 cpe:/a:isc:bind:8.1.2 cpe:/a:isc:bind:8.3.0 cpe:/a:isc:bind:8.2:p1 cpe:/a:isc:bind:8.4.4 cpe:/a:isc:bind:9.2.6 cpe:/a:isc:bind:8.2.2:p6 cpe:/a:isc:bind:8.2.2:p5 cpe:/a:isc:bind:8.1 cpe:/a:isc:bind:9.4.0a6 cpe:/a:isc:bind:9.4.0b3 cpe:/a:isc:bind:9.3.1 cpe:/a:isc:bind:9.2.9 cpe:/a:isc:bind:8.4.7 cpe:/a:isc:bind:9.4.0a4 cpe:/a:isc:bind:8.1.1 cpe:/a:isc:bind:9.3 cpe:/a:isc:bind:9.4.0a1 cpe:/a:isc:bind:8.4 cpe:/a:isc:bind:8.2.6 cpe:/a:isc:bind:8.2.5 cpe:/a:isc:bind:9.1.1 cpe:/a:isc:bind:9.4.0a2 cpe:/a:isc:bind:9.4.0b2 cpe:/a:isc:bind:8.3.4 cpe:/a:isc:bind:4.9.5 cpe:/a:isc:bind:8.2.2:p1 cpe:/a:isc:bind:4.9.6 cpe:/a:isc:bind:8.2.2:p2 cpe:/a:isc:bind:8.2.1 cpe:/a:isc:bind:8.2.4 cpe:/a:isc:bind:4.9.7 cpe:/a:isc:bind:8.2.2 CVE-2009-0025 2009-01-07T12:30:00.390-05:00 2012-10-30T23:13:04.187-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-07T14:58:00.000-05:00 CERT TA09-133A FEDORA FEDORA-2009-0350 CONFIRM https://www.isc.org/software/bind/advisories/cve-2009-0025 CONFIRM https://issues.rpath.com/browse/RPL-2938 VUPEN ADV-2009-1297 VUPEN ADV-2009-0904 VUPEN ADV-2009-0366 VUPEN ADV-2009-0043 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0004.html BID 33151 BUGTRAQ 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim BUGTRAQ 20090120 rPSA-2009-0009-1 bind bind-utils BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses CONFIRM http://www.openbsd.org/errata44.html#008_bind MISC http://www.ocert.org/advisories/ocert-2008-016.html CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0009 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm CONFIRM http://support.apple.com/kb/HT3549 SUNALERT 250846 SLACKWARE SSA:2009-014-02 FREEBSD FreeBSD-SA-09:04 SECUNIA 35074 SECUNIA 33882 SECUNIA 33683 SECUNIA 33559 SECUNIA 33551 SECUNIA 33546 SECUNIA 33494 APPLE APPLE-SA-2009-05-12 MISC http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:apache:jackrabbit:1.4 cpe:/a:apache:jackrabbit:1.5.0 CVE-2009-0026 2009-01-21T15:30:00.390-05:00 2011-03-07T22:17:46.893-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-01-22T10:14:00.000-05:00 CONFIRM https://issues.apache.org/jira/browse/JCR-1925 XF jackrabbit-search-swr-xss(48110) VUPEN ADV-2009-0177 BID 33360 BUGTRAQ 20090120 [ANNOUNCE] Apache Jackrabbit 1.5.2 released CONFIRM http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt SREASON 4942 SECUNIA 33576 Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp. cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp05 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp06 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp01 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp02 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp02 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp04 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp03 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp01 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp03 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp04 CVE-2009-0027 2009-03-09T17:30:00.170-04:00 2009-03-21T01:53:33.483-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-03-10T11:04:00.000-04:00 REDHAT RHSA-2009:0349 REDHAT RHSA-2009:0347 REDHAT RHSA-2009:0346 CONFIRM https://jira.jboss.org/jira/browse/JBPAPP-1548 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479668 SECTRACK 1021817 BID 34023 SECUNIA 34112 REDHAT RHSA-2009:0348 The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.20.12 CVE-2009-0028 2009-02-27T12:30:09.860-05:00 2012-03-19T00:00:00.000-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-03-02T10:21:00.000-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479932 VUPEN ADV-2009-3316 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html UBUNTU USN-751-1 BID 33906 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BUGTRAQ 20090516 rPSA-2009-0084-1 kernel REDHAT RHSA-2009:0451 REDHAT RHSA-2009:0326 MANDRIVA MDVSA-2009:118 DEBIAN DSA-1800 DEBIAN DSA-1794 DEBIAN DSA-1787 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0084 SECUNIA 37471 SECUNIA 35394 SECUNIA 35390 SECUNIA 35121 SECUNIA 35120 SECUNIA 35011 SECUNIA 34981 SECUNIA 34962 SECUNIA 34917 SECUNIA 34680 SECUNIA 34033 SECUNIA 33758 MISC http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html MISC http://scary.beasts.org/security/CESA-2009-002.html REDHAT RHSA-2009:0459 OSVDB 52204 SUSE SUSE-SA:2009:031 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:010 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.24.1 CVE-2009-0029 2009-01-15T12:30:00.467-05:00 2012-03-19T00:00:00.000-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-15T16:14:00.000-05:00 FEDORA FEDORA-2009-0816 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479969 BID 33275 MANDRIVA MDVSA-2009:135 DEBIAN DSA-1794 DEBIAN DSA-1787 DEBIAN DSA-1749 SECUNIA 35011 SECUNIA 34981 SECUNIA 34394 SECUNIA 33674 SECUNIA 33477 MLIST [linux-kernel] 20090110 Re: [PATCH -v7][RFC]: mutex: implement adaptive spinning SUSE SUSE-SA:2009:010 The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. cpe:/a:squirrelmail:squirrelmail:1.4.8 CVE-2009-0030 2009-01-21T15:30:00.407-05:00 2010-08-21T01:29:35.947-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-22T10:17:00.000-05:00 REDHAT RHSA-2009:0057 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=480488 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=480224 XF squirrelmail-sessionid-session-hijacking(48115) BID 33354 SECTRACK 1021611 SECUNIA 33611 SUSE SUSE-SR:2009:004 A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663. cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.24.1 CVE-2009-0031 2009-01-20T21:30:00.313-05:00 2012-03-19T00:00:00.000-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-01-21T12:09:00.000-05:00 UBUNTU USN-751-1 REDHAT RHSA-2009:0360 REDHAT RHSA-2009:0331 MLIST [oss-security] 20090119 CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring DEBIAN DSA-1794 DEBIAN DSA-1787 DEBIAN DSA-1749 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm SECUNIA 35011 SECUNIA 34981 SECUNIA 34762 SECUNIA 34502 SECUNIA 34394 SECUNIA 34252 SECUNIA 33858 REDHAT RHSA-2009:0264 OSVDB 51501 SUSE SUSE-SA:2009:010 CONFIRM http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree." cpe:/a:apple:cups CVE-2009-0032 2009-01-27T15:30:00.377-05:00 2009-01-28T00:00:00.000-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-28T08:33:00.000-05:00 XF cups-pdflog-symlink(48210) BID 33418 MANDRIVA MDVSA-2009:029 MANDRIVA MDVSA-2009:028 MANDRIVA MDVSA-2009:027 SECTRACK 1021637 CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. cpe:/a:apache:tomcat:4.1.10 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:4.1.18 cpe:/a:apache:tomcat:4.1.4 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.24 cpe:/a:apache:tomcat:4.1.24 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:6.0.16 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:4.1.16 cpe:/a:apache:tomcat:4.1.29 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:4.1.39 cpe:/a:apache:tomcat:4.1.27 cpe:/a:apache:tomcat:4.1.31 cpe:/a:apache:tomcat:4.1.2 cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.25 cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:4.1.3 cpe:/a:apache:tomcat:4.1.0 cpe:/a:apache:tomcat:4.1.11 cpe:/a:apache:tomcat:4.1.20 cpe:/a:apache:tomcat:4.1.14 cpe:/a:apache:tomcat:4.1.33 cpe:/a:apache:tomcat:4.1.35 cpe:/a:apache:tomcat:5.5.22 cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:4.1.15 cpe:/a:apache:tomcat:5.5.26 cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:4.1.21 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:4.1.26 cpe:/a:apache:tomcat:4.1.9:beta cpe:/a:apache:tomcat:4.1.22 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:4.1.34 cpe:/a:apache:tomcat:4.1.38 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:4.1.30 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:4.1.7 cpe:/a:apache:tomcat:4.1.19 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:5.5.27 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:4.1.12 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:4.1.6 cpe:/a:apache:tomcat:6.0.13 cpe:/a:apache:tomcat:4.1.13 cpe:/a:apache:tomcat:4.1.1 cpe:/a:apache:tomcat:4.1.8 cpe:/a:apache:tomcat:4.1.37 cpe:/a:apache:tomcat:5.5.23 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:4.1.5 cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:4.1.28 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:4.1.32 cpe:/a:apache:tomcat:4.1.23 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:4.1.9 cpe:/a:apache:tomcat:4.1.3:beta cpe:/a:apache:tomcat:4.1.17 cpe:/a:apache:tomcat:4.1.36 cpe:/a:apache:tomcat:4.1.25 CVE-2009-0033 2009-06-05T12:00:00.187-04:00 2013-06-04T22:56:24.707-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-06-08T08:04:00.000-04:00 VUPEN ADV-2009-1496 BID 35193 CONFIRM http://tomcat.apache.org/security-6.html CONFIRM http://tomcat.apache.org/security-5.html CONFIRM http://tomcat.apache.org/security-4.html CONFIRM http://svn.apache.org/viewvc?rev=781362&view=rev CONFIRM http://svn.apache.org/viewvc?rev=742915&view=rev FEDORA FEDORA-2009-11356 FEDORA FEDORA-2009-11352 FEDORA FEDORA-2009-11374 XF tomcat-ajp-dos(50928) VUPEN ADV-2010-3056 VUPEN ADV-2009-3316 VUPEN ADV-2009-1856 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BUGTRAQ 20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector MANDRIVA MDVSA-2010:176 MANDRIVA MDVSA-2009:138 MANDRIVA MDVSA-2009:136 DEBIAN DSA-2207 CONFIRM http://support.apple.com/kb/HT4077 SUNALERT 263529 SECTRACK 1022331 SECUNIA 42368 SECUNIA 37460 SECUNIA 35788 SECUNIA 35685 SECUNIA 35344 SECUNIA 35326 HP SSRT101146 HP HPSBUX02860 HP SSRT100203 HP SSRT100203 SUSE SUSE-SR:2009:012 APPLE APPLE-SA-2010-03-29-1 JVN JVN#87272440 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. cpe:/a:todd_miller:sudo:1.6.9_p18 cpe:/a:todd_miller:sudo:1.6.9_p17 cpe:/a:todd_miller:sudo:1.6.9_p19 CVE-2009-0034 2009-01-30T14:30:00.280-05:00 2010-08-21T01:29:36.523-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-02T09:38:00.000-05:00 ALLOWS_ADMIN_ACCESS CONFIRM https://issues.rpath.com/browse/RPL-2954 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=468923 VUPEN ADV-2009-1865 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0009.html CONFIRM http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h SECTRACK 1021688 BID 33517 BUGTRAQ 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl BUGTRAQ 20090129 rPSA-2009-0021-1 sudo REDHAT RHSA-2009:0267 MANDRIVA MDVSA-2009:033 CONFIRM http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0021 SECUNIA 35766 SECUNIA 33885 SECUNIA 33840 SECUNIA 33753 OSVDB 51736 MLIST [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. cpe:/a:libvirt:libvirt:0.5.1 CVE-2009-0036 2009-02-11T15:30:00.360-05:00 2010-08-21T01:29:36.837-04:00 4.4 LOCAL MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-12T10:12:00.000-05:00 ALLOWS_OTHER_ACCESS MLIST [libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory MLIST [libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory MLIST [libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=484947 BID 33724 REDHAT RHSA-2009:0382 SECUNIA 34397 MLIST [oss-security] 20090210 libvirt_proxy heads up CONFIRM http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28 Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. cpe:/a:curl:curl:7.7.2 cpe:/a:curl:curl:7.10.2 cpe:/a:curl:curl:6.0 cpe:/a:curl:curl:7.4 cpe:/a:curl:curl:7.5 cpe:/a:curl:curl:7.2.1 cpe:/a:curl:curl:7.16.4 cpe:/a:curl:curl:7.9.5 cpe:/a:curl:curl:7.4.2 cpe:/a:curl:curl:7.11.1 cpe:/a:curl:libcurl:7.15 cpe:/a:curl:curl:7.1.1 cpe:/a:curl:libcurl:7.13 cpe:/a:curl:curl:6.3.1 cpe:/a:curl:curl:7.19.3 cpe:/a:curl:curl:6.3 cpe:/a:curl:curl:7.2 cpe:/a:curl:curl:7.9.6 cpe:/a:curl:curl:7.7 cpe:/a:curl:curl:6.4 cpe:/a:curl:curl:7.9.4 cpe:/a:curl:curl:7.9.2 cpe:/a:curl:curl:7.10.3 cpe:/a:curl:curl:6.2 cpe:/a:curl:curl:6.1beta cpe:/a:curl:libcurl:7.13.1 cpe:/a:curl:curl:6.5.1 cpe:/a:curl:libcurl:7.14.1 cpe:/a:curl:curl:7.9.8 cpe:/a:curl:curl:7.10.1 cpe:/a:curl:libcurl:7.12 cpe:/a:curl:curl:7.10.5 cpe:/a:curl:curl:7.3 cpe:/a:curl:curl:7.6.1 cpe:/a:curl:curl:7.14 cpe:/a:curl:curl:7.18 cpe:/a:curl:curl:7.7.1 cpe:/a:curl:libcurl:7.15.2 cpe:/a:curl:curl:7.6 cpe:/a:curl:curl:7.9 cpe:/a:curl:curl:7.12 cpe:/a:curl:curl:7.7.3 cpe:/a:curl:libcurl:7.19.3 cpe:/a:curl:libcurl:7.12.1 cpe:/a:curl:curl:7.4.1 cpe:/a:curl:curl:7.10.4 cpe:/a:curl:curl:7.10.8 cpe:/a:curl:libcurl:5.11 cpe:/a:curl:curl:7.13.2 cpe:/a:curl:curl:7.15 cpe:/a:curl:libcurl:7.14 cpe:/a:curl:curl:7.12.1 cpe:/a:curl:curl:6.5 cpe:/a:curl:libcurl:7.13.2 cpe:/a:curl:libcurl:7.12.2 cpe:/a:curl:curl:7.5.2 cpe:/a:curl:curl:7.9.3 cpe:/a:curl:curl:7.15.1 cpe:/a:curl:curl:6.5.2 cpe:/a:curl:curl:7.10.6 cpe:/a:curl:curl:7.1 cpe:/a:curl:curl:7.12.2 cpe:/a:curl:libcurl:7.12.3 cpe:/a:curl:curl:7.8 cpe:/a:curl:libcurl:7.15.3 cpe:/a:curl:curl:7.16.3 cpe:/a:curl:curl:7.8.2 cpe:/a:curl:curl:7.9.7 cpe:/a:curl:curl:7.10 cpe:/a:curl:curl:7.10.7 cpe:/a:curl:libcurl:7.16.3 cpe:/a:curl:curl:5.11 cpe:/a:curl:curl:7.17 cpe:/a:curl:curl:7.8.1 cpe:/a:curl:curl:7.14.1 cpe:/a:curl:curl:7.15.3 cpe:/a:curl:curl:7.5.1 cpe:/a:curl:curl:7.9.1 cpe:/a:curl:libcurl:7.15.1 cpe:/a:curl:curl:7.13 CVE-2009-0037 2009-03-04T21:30:00.250-05:00 2010-08-21T01:29:37.227-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-05T10:14:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2009-0581 BID 33962 CONFIRM http://curl.haxx.se/lxr/source/CHANGES CONFIRM http://curl.haxx.se/docs/adv_20090303.html XF curl-location-security-bypass(49030) MISC http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf MISC http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/ VUPEN ADV-2009-1865 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0009.html UBUNTU USN-726-1 SECTRACK 1021783 BUGTRAQ 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl BUGTRAQ 20090312 rPSA-2009-0042-1 curl REDHAT RHSA-2009:0341 DEBIAN DSA-1738 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042 CONFIRM http://support.apple.com/kb/HT4077 SLACKWARE SSA:2009-069-01 GENTOO GLSA-200903-21 SECUNIA 35766 SECUNIA 34399 SECUNIA 34259 SECUNIA 34255 SECUNIA 34251 SECUNIA 34237 SECUNIA 34202 SECUNIA 34138 MLIST [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl SUSE SUSE-SR:2009:006 APPLE APPLE-SA-2010-03-29-1 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. cpe:/a:apache:geronimo:2.1 cpe:/a:apache:geronimo:2.1.2 cpe:/a:apache:geronimo:2.1.3 cpe:/a:apache:geronimo:2.1.1 CVE-2009-0038 2009-04-17T10:30:00.530-04:00 2009-04-28T01:37:14.920-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-04-17T11:26:00.000-04:00 CONFIRM http://issues.apache.org/jira/browse/GERONIMO-4597 CONFIRM http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214 VUPEN ADV-2009-1089 BID 34562 BUGTRAQ 20090416 [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt SECUNIA 34715 MISC http://dsecrg.com/pages/vul/show.php?id=119 Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/. cpe:/a:apache:geronimo:2.1.2 cpe:/a:apache:geronimo:2.1 cpe:/a:apache:geronimo:2.1.3 cpe:/a:apache:geronimo:2.1.1 CVE-2009-0039 2009-04-17T10:30:00.547-04:00 2009-04-28T01:37:15.093-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-04-17T11:25:00.000-04:00 VUPEN ADV-2009-1089 BID 34562 BUGTRAQ 20090416 [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities SECUNIA 34715 CONFIRM http://issues.apache.org/jira/browse/GERONIMO-4597 CONFIRM http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214 MISC http://dsecrg.com/pages/vul/show.php?id=120 Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. cpe:/a:libpng:libpng:1.2.0:beta1 cpe:/a:libpng:libpng:1.2.19:beta16 cpe:/a:libpng:libpng:1.2.22:beta4 cpe:/a:libpng:libpng:1.2.19:beta31 cpe:/a:libpng:libpng:1.2.6:rc5 cpe:/a:libpng:libpng:1.2.19:beta14 cpe:/a:libpng:libpng:1.0.7 cpe:/a:libpng:libpng:1.0.27:rc4 cpe:/a:libpng:libpng:1.2.11:beta1 cpe:/a:libpng:libpng:1.2.22:rc1 cpe:/a:libpng:libpng:1.2.7:beta2 cpe:/a:libpng:libpng:1.2.9:beta9 cpe:/a:libpng:libpng:1.2.13:rc2 cpe:/a:libpng:libpng:1.2.19:beta32 cpe:/a:libpng:libpng:1.2.21:rc1 cpe:/a:libpng:libpng:1.0.12:beta1 cpe:/a:libpng:libpng:1.0.25:rc1 cpe:/a:libpng:libpng:1.2.1:rc2 cpe:/a:libpng:libpng:1.0.19 cpe:/a:libpng:libpng:1.0.7:beta17 cpe:/a:libpng:libpng:1.0.42 cpe:/a:libpng:libpng:1.2.19:rc2 cpe:/a:libpng:libpng:1.2.0:beta5 cpe:/a:libpng:libpng:1.2.4:beta1 cpe:/a:libpng:libpng:1.0.23:rc3 cpe:/a:libpng:libpng:1.2.4:rc1 cpe:/a:libpng:libpng:1.0.22 cpe:/a:libpng:libpng:1.2.3:rc3 cpe:/a:libpng:libpng:1.2.14:beta2 cpe:/a:libpng:libpng:1.2.15:beta4 cpe:/a:libpng:libpng:1.2.21:rc2 cpe:/a:libpng:libpng:1.2.8:beta4 cpe:/a:libpng:libpng:1.0.16 cpe:/a:libpng:libpng:1.2.19:beta29 cpe:/a:libpng:libpng:1.2.9:rc1 cpe:/a:libpng:libpng:1.2.15:rc5 cpe:/a:libpng:libpng:1.2.19:beta17 cpe:/a:libpng:libpng:1.2.26:rc01 cpe:/a:libpng:libpng:1.0.12 cpe:/a:libpng:libpng:1.2.10:beta3 cpe:/a:libpng:libpng:1.0.28:rc5 cpe:/a:libpng:libpng:1.2.25:rc01 cpe:/a:libpng:libpng:1.2.22 cpe:/a:libpng:libpng:1.0.28:rc2 cpe:/a:libpng:libpng:1.0.6:j cpe:/a:libpng:libpng:1.2.15:beta2 cpe:/a:libpng:libpng:1.2.0:beta3 cpe:/a:libpng:libpng:1.2.8:rc4 cpe:/a:libpng:libpng:1.0.30 cpe:/a:libpng:libpng:1.2.8:rc2 cpe:/a:libpng:libpng:1.2.25:beta05 cpe:/a:libpng:libpng:1.2.4 cpe:/a:libpng:libpng:1.0.8:beta3 cpe:/a:libpng:libpng:1.0.18 cpe:/a:libpng:libpng:1.0.6:d cpe:/a:libpng:libpng:1.2.19 cpe:/a:libpng:libpng:1.2.2:beta4 cpe:/a:libpng:libpng:1.2.9:beta3 cpe:/a:libpng:libpng:1.0.27:rc5 cpe:/a:libpng:libpng:1.2.19:beta13 cpe:/a:libpng:libpng:1.0.6:h cpe:/a:libpng:libpng:1.0.10:rc1 cpe:/a:libpng:libpng:1.2.18 cpe:/a:libpng:libpng:1.2.15:rc2 cpe:/a:libpng:libpng:1.2.14:rc1 cpe:/a:libpng:libpng:1.2.20:rc4 cpe:/a:libpng:libpng:1.2.15 cpe:/a:libpng:libpng:1.2.2:beta1 cpe:/a:libpng:libpng:1.2.26:beta06 cpe:/a:libpng:libpng:1.2.10:rc3 cpe:/a:libpng:libpng:1.2.26:beta04 cpe:/a:libpng:libpng:1.2.19:beta21 cpe:/a:libpng:libpng:1.0.15 cpe:/a:libpng:libpng:0.89c cpe:/a:libpng:libpng:1.2.11:beta3 cpe:/a:libpng:libpng:1.0.23:rc1 cpe:/a:libpng:libpng:1.0.9:beta1 cpe:/a:libpng:libpng:1.0.7:beta11 cpe:/a:libpng:libpng:1.2.11:beta2 cpe:/a:libpng:libpng:1.2.19:beta11 cpe:/a:libpng:libpng:1.2.19:beta2 cpe:/a:libpng:libpng:1.2.6:beta1 cpe:/a:libpng:libpng:1.0.8 cpe:/a:libpng:libpng:1.2.13 cpe:/a:libpng:libpng:1.0.21:rc2 cpe:/a:libpng:libpng:1.0.15:rc3 cpe:/a:libpng:libpng:1.0.19:rc5 cpe:/a:libpng:libpng:1.0.25:rc2 cpe:/a:libpng:libpng:1.2.26:beta03 cpe:/a:libpng:libpng:1.2.10 cpe:/a:libpng:libpng:1.2.11 cpe:/a:libpng:libpng:1.0.11:beta2 cpe:/a:libpng:libpng:1.2.21:rc3 cpe:/a:libpng:libpng:1.0.6:g cpe:/a:libpng:libpng:1.2.8 cpe:/a:libpng:libpng:1.0.6:a cpe:/a:libpng:libpng:1.2.19:beta26 cpe:/a:libpng:libpng:1.0.26 cpe:/a:libpng:libpng:1.0.10 cpe:/a:libpng:libpng:1.2.9 cpe:/a:libpng:libpng:1.2.19:beta18 cpe:/a:libpng:libpng:1.0.33 cpe:/a:libpng:libpng:1.2.20:rc1 cpe:/a:libpng:libpng:1.2.16:beta2 cpe:/a:libpng:libpng:1.2.22:beta2 cpe:/a:libpng:libpng:1.2.19:rc1 cpe:/a:libpng:libpng:1.2.8:rc5 cpe:/a:libpng:libpng:1.2.10:beta4 cpe:/a:libpng:libpng:1.2.5:beta2 cpe:/a:libpng:libpng:1.2.19:beta15 cpe:/a:libpng:libpng:1.2.9:beta4 cpe:/a:libpng:libpng:1.2.16:beta1 cpe:/a:libpng:libpng:1.2.17:rc3 cpe:/a:libpng:libpng:1.2.17:rc1 cpe:/a:libpng:libpng:1.2.19:rc3 cpe:/a:libpng:libpng:1.0.7:beta14 cpe:/a:libpng:libpng:1.2.28 cpe:/a:libpng:libpng:1.2.26:beta01 cpe:/a:libpng:libpng:1.0.28:rc6 cpe:/a:libpng:libpng:1.2.3:rc6 cpe:/a:libpng:libpng:1.0.15:rc2 cpe:/a:libpng:libpng:1.2.1:rc1 cpe:/a:libpng:libpng:1.2.19:beta30 cpe:/a:libpng:libpng:1.0.27:rc3 cpe:/a:libpng:libpng:1.2.5:beta3 cpe:/a:libpng:libpng:1.2.25 cpe:/a:libpng:libpng:1.2.9:beta1 cpe:/a:libpng:libpng:1.2.33 cpe:/a:libpng:libpng:1.2.3 cpe:/a:libpng:libpng:1.0.27:rc6 cpe:/a:libpng:libpng:1.2.8:rc1 cpe:/a:libpng:libpng:1.2.8:rc3 cpe:/a:libpng:libpng:1.2.3:rc1 cpe:/a:libpng:libpng:1.2.10:beta2 cpe:/a:libpng:libpng:1.2.2 cpe:/a:libpng:libpng:1.2.19:beta8 cpe:/a:libpng:libpng:1.2.2:beta6 cpe:/a:libpng:libpng:1.2.2:beta3 cpe:/a:libpng:libpng:1.0.9:beta7 cpe:/a:libpng:libpng:1.0.2 cpe:/a:libpng:libpng:1.0.11:rc1 cpe:/a:libpng:libpng:1.0.8:beta1 cpe:/a:libpng:libpng:1.2.1:beta3 cpe:/a:libpng:libpng:1.0.6 cpe:/a:libpng:libpng:1.0.7:beta18 cpe:/a:libpng:libpng:1.2.3:rc2 cpe:/a:libpng:libpng:1.2.19:beta20 cpe:/a:libpng:libpng:1.2.21 cpe:/a:libpng:libpng:1.2.9:beta5 cpe:/a:libpng:libpng:1.0.19:rc2 cpe:/a:libpng:libpng:1.2.14:beta1 cpe:/a:libpng:libpng:1.0.9 cpe:/a:libpng:libpng:1.0.38 cpe:/a:libpng:libpng:1.2.6:beta2 cpe:/a:libpng:libpng:1.2.5:rc3 cpe:/a:libpng:libpng:1.0.28:rc4 cpe:/a:libpng:libpng:1.0.27:rc2 cpe:/a:libpng:libpng:1.0.17:rc1 cpe:/a:libpng:libpng:1.2.15:rc3 cpe:/a:libpng:libpng:1.2.15:beta1 cpe:/a:libpng:libpng:1.2.20:rc2 cpe:/a:libpng:libpng:1.0.7:rc2 cpe:/a:libpng:libpng:1.2.5:beta1 cpe:/a:libpng:libpng:1.0.29:beta1 cpe:/a:libpng:libpng:1.0.28 cpe:/a:libpng:libpng:1.2.6 cpe:/a:libpng:libpng:1.2.7:beta1 cpe:/a:libpng:libpng:1.2.1:beta1 cpe:/a:libpng:libpng:1.0.14 cpe:/a:libpng:libpng:1.0.6:f cpe:/a:libpng:libpng:1.2.11:rc1 cpe:/a:libpng:libpng:1.0.7:beta13 cpe:/a:libpng:libpng:1.2.10:rc1 cpe:/a:libpng:libpng:1.2.6:rc3 cpe:/a:libpng:libpng:1.0.7:beta15 cpe:/a:libpng:libpng:1.2.19:beta9 cpe:/a:libpng:libpng:1.2.19:beta5 cpe:/a:libpng:libpng:1.0.11:beta1 cpe:/a:libpng:libpng:1.2.19:beta28 cpe:/a:libpng:libpng:1.2.25:beta03 cpe:/a:libpng:libpng:1.2.29 cpe:/a:libpng:libpng:1.2.17:beta1 cpe:/a:libpng:libpng:1.2.21:beta1 cpe:/a:libpng:libpng:1.0.23 cpe:/a:libpng:libpng:1.0.9:beta4 cpe:/a:libpng:libpng:1.2.31 cpe:/a:libpng:libpng:1.2.8:beta1 cpe:/a:libpng:libpng:1.0.1 cpe:/a:libpng:libpng:1.2.13:beta1 cpe:/a:libpng:libpng:1.2.0:beta2 cpe:/a:libpng:libpng:1.2.20 cpe:/a:libpng:libpng:1.2.10:beta5 cpe:/a:libpng:libpng:1.0.9:rc1 cpe:/a:libpng:libpng:1.2.5:rc1 cpe:/a:libpng:libpng:1.2.0:beta4 cpe:/a:libpng:libpng:1.2.1:beta2 cpe:/a:libpng:libpng:1.0.8:beta4 cpe:/a:libpng:libpng:1.0.41 cpe:/a:libpng:libpng:1.2.9:beta8 cpe:/a:libpng:libpng:1.0.32 cpe:/a:libpng:libpng:1.2.19:rc4 cpe:/a:libpng:libpng:1.0.7:beta12 cpe:/a:libpng:libpng:1.0.9:beta8 cpe:/a:libpng:libpng:1.0.11 cpe:/a:libpng:libpng:1.0.9:beta5 cpe:/a:libpng:libpng:1.0.13 cpe:/a:libpng:libpng:1.0.6:i cpe:/a:libpng:libpng:1.2.1:beta4 cpe:/a:libpng:libpng:1.0.3 cpe:/a:libpng:libpng:1.2.15:beta5 cpe:/a:libpng:libpng:1.0.25 cpe:/a:libpng:libpng:1.0.27 cpe:/a:libpng:libpng:1.2.7 cpe:/a:libpng:libpng:1.2.13:rc1 cpe:/a:libpng:libpng:1.0.21 cpe:/a:libpng:libpng:1.0.28:rc3 cpe:/a:libpng:libpng:1.2.17:beta2 cpe:/a:libpng:libpng:1.2.11:rc5 cpe:/a:libpng:libpng:1.2.11:rc2 cpe:/a:libpng:libpng:1.2.19:beta10 cpe:/a:libpng:libpng:1.2.4:beta2 cpe:/a:libpng:libpng:1.2.19:rc5 cpe:/a:libpng:libpng:1.2.19:beta4 cpe:/a:libpng:libpng:1.0.19:rc3 cpe:/a:libpng:libpng:1.2.19:beta25 cpe:/a:libpng:libpng:1.2.5:rc2 cpe:/a:libpng:libpng:1.2.27 cpe:/a:libpng:libpng:1.2.0:rc1 cpe:/a:libpng:libpng:1.2.19:beta6 cpe:/a:libpng:libpng:1.0.8:rc1 cpe:/a:libpng:libpng:1.2.26:beta05 cpe:/a:libpng:libpng:1.0.29:rc1 cpe:/a:libpng:libpng:1.2.22:beta3 cpe:/a:libpng:libpng:1.2.9:beta2 cpe:/a:libpng:libpng:1.2.15:beta3 cpe:/a:libpng:libpng:1.2.9:beta6 cpe:/a:libpng:libpng:1.0.23:rc5 cpe:/a:libpng:libpng:1.2.14 cpe:/a:libpng:libpng:1.2.20:rc5 cpe:/a:libpng:libpng:1.2.9:beta7 cpe:/a:libpng:libpng:1.2.19:beta19 cpe:/a:libpng:libpng:1.2.17:rc4 cpe:/a:libpng:libpng:1.2.10:beta7 cpe:/a:libpng:libpng:1.0.21:rc1 cpe:/a:libpng:libpng:1.2.25:rc02 cpe:/a:libpng:libpng:1.2.19:beta7 cpe:/a:libpng:libpng:1.0.34 cpe:/a:libpng:libpng:1.2.8:beta2 cpe:/a:libpng:libpng:1.2.4:beta3 cpe:/a:libpng:libpng:1.2.6:beta4 cpe:/a:libpng:libpng:1.2.19:beta12 cpe:/a:libpng:libpng:1.2.19:beta24 cpe:/a:libpng:libpng:1.2.30 cpe:/a:libpng:libpng:1.2.15:beta6 cpe:/a:libpng:libpng:1.2.2:rc1 cpe:/a:libpng:libpng:1.2.16:rc1 cpe:/a:libpng:libpng:1.0.0 cpe:/a:libpng:libpng:1.0.24 cpe:/a:libpng:libpng:1.2.32 cpe:/a:libpng:libpng:1.2.19:beta22 cpe:/a:libpng:libpng:1.0.9:beta9 cpe:/a:libpng:libpng:1.2.19:beta33 cpe:/a:libpng:libpng:1.2.34 cpe:/a:libpng:libpng:1.0.35 cpe:/a:libpng:libpng:1.0.9:rc2 cpe:/a:libpng:libpng:1.2.22:beta1 cpe:/a:libpng:libpng:1.2.25:beta06 cpe:/a:libpng:libpng:1.2.10:beta6 cpe:/a:libpng:libpng:1.2.11:rc3 cpe:/a:libpng:libpng:1.0.37 cpe:/a:libpng:libpng:1.0.29 cpe:/a:libpng:libpng:1.0.20 cpe:/a:libpng:libpng:1.2.26 cpe:/a:libpng:libpng:1.2.6:rc2 cpe:/a:libpng:libpng:1.2.16 cpe:/a:libpng:libpng:1.2.19:beta27 cpe:/a:libpng:libpng:1.2.19:beta3 cpe:/a:libpng:libpng:1.2.24 cpe:/a:libpng:libpng:1.0.6:e cpe:/a:libpng:libpng:1.0.7:rc1 cpe:/a:libpng:libpng:1.2.11:beta4 cpe:/a:libpng:libpng:1.2.10:beta1 cpe:/a:libpng:libpng:1.0.11:beta3 cpe:/a:libpng:libpng:1.0.29:rc3 cpe:/a:libpng:libpng:1.2.9:beta10 cpe:/a:libpng:libpng:1.2.20:rc3 cpe:/a:libpng:libpng:1.2.6:beta3 cpe:/a:libpng:libpng:1.0.5 cpe:/a:libpng:libpng:1.2.20:rc6 cpe:/a:libpng:libpng:1.0.19:rc1 cpe:/a:libpng:libpng:1.2.19:beta23 cpe:/a:libpng:libpng:1.0.27:rc1 cpe:/a:libpng:libpng:1.2.6:rc4 cpe:/a:libpng:libpng:1.2.15:rc4 cpe:/a:libpng:libpng:1.2.23 cpe:/a:libpng:libpng:1.2.26:beta02 cpe:/a:libpng:libpng:1.2.19:beta1 cpe:/a:libpng:libpng:1.0.8:beta2 cpe:/a:libpng:libpng:1.0.23:rc2 cpe:/a:libpng:libpng:1.2.1 cpe:/a:libpng:libpng:1.0.31 cpe:/a:libpng:libpng:1.2.17 cpe:/a:libpng:libpng:1.2.0 cpe:/a:libpng:libpng:1.0.10:beta1 cpe:/a:libpng:libpng:1.2.21:beta2 cpe:/a:libpng:libpng:1.0.17 cpe:/a:libpng:libpng:1.2.5 cpe:/a:libpng:libpng:1.2.25:beta04 cpe:/a:libpng:libpng:1.0.40 cpe:/a:libpng:libpng:1.0.23:rc4 cpe:/a:libpng:libpng:1.2.8:beta3 cpe:/a:libpng:libpng:1.2.15:rc1 cpe:/a:libpng:libpng:1.2.17:rc2 cpe:/a:libpng:libpng:0.95 cpe:/a:libpng:libpng:1.2.2:beta2 cpe:/a:libpng:libpng:1.2.3:rc4 cpe:/a:libpng:libpng:1.0.9:beta3 cpe:/a:libpng:libpng:1.0.9:beta2 cpe:/a:libpng:libpng:1.2.2:beta5 cpe:/a:libpng:libpng:1.0.9:beta10 cpe:/a:libpng:libpng:1.0.24:rc1 cpe:/a:libpng:libpng:1.0.7:beta16 cpe:/a:libpng:libpng:1.0.12:rc1 cpe:/a:libpng:libpng:1.2.3:rc5 cpe:/a:libpng:libpng:1.0.15:rc1 cpe:/a:libpng:libpng:1.0.29:rc2 cpe:/a:libpng:libpng:1.0.9:beta6 cpe:/a:libpng:libpng:1.2.19:rc6 cpe:/a:libpng:libpng:1.2.6:rc1 cpe:/a:libpng:libpng:1.0.22:rc1 cpe:/a:libpng:libpng:1.2.8:beta5 cpe:/a:libpng:libpng:1.0.39 cpe:/a:libpng:libpng:1.2.10:rc2 CVE-2009-0040 2009-02-22T17:30:00.203-05:00 2013-05-14T22:53:14.150-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-23T16:03:00.000-05:00 CERT TA09-218A CERT TA09-133A CERT-VN VU#649212 FEDORA FEDORA-2009-2884 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-1976 FEDORA FEDORA-2009-2045 XF libpng-pointer-arrays-code-execution(48819) VUPEN ADV-2009-2172 VUPEN ADV-2009-1621 VUPEN ADV-2009-1560 VUPEN ADV-2009-1522 VUPEN ADV-2009-1462 VUPEN ADV-2009-1451 VUPEN ADV-2009-1297 VUPEN ADV-2009-0632 VUPEN ADV-2009-0473 VUPEN ADV-2009-0469 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0007.html BID 33990 BID 33827 BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server BUGTRAQ 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues BUGTRAQ 20090312 rPSA-2009-0046-1 libpng REDHAT RHSA-2009:0340 REDHAT RHSA-2009:0333 REDHAT RHSA-2009:0325 REDHAT RHSA-2009:0315 MANDRIVA MDVSA-2009:083 MANDRIVA MDVSA-2009:075 MANDRIVA MDVSA-2009:051 DEBIAN DSA-1830 DEBIAN DSA-1750 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0046 CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.apple.com/kb/HT3757 CONFIRM http://support.apple.com/kb/HT3639 CONFIRM http://support.apple.com/kb/HT3613 CONFIRM http://support.apple.com/kb/HT3549 SUNALERT 1020521 SUNALERT 259989 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 MLIST [png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability SLACKWARE SSA:2009-083-03 SLACKWARE SSA:2009-083-02 GENTOO GLSA-201209-25 GENTOO GLSA-200903-28 SECUNIA 36096 SECUNIA 35386 SECUNIA 35379 SECUNIA 35302 SECUNIA 35258 SECUNIA 35074 SECUNIA 34464 SECUNIA 34462 SECUNIA 34388 SECUNIA 34324 SECUNIA 34320 SECUNIA 34272 SECUNIA 34265 SECUNIA 34210 SECUNIA 34152 SECUNIA 34145 SECUNIA 34143 SECUNIA 34140 SECUNIA 34137 SECUNIA 33976 SECUNIA 33970 MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server SUSE SUSE-SA:2009:023 SUSE SUSE-SA:2009:012 SUSE SUSE-SR:2009:005 APPLE APPLE-SA-2009-05-12 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-06-08-1 APPLE APPLE-SA-2009-08-05-1 CONFIRM http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt CONFIRM ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. cpe:/a:asterisk:open_source:1.6.0.1 cpe:/a:asterisk:open_source:1.4.8 cpe:/a:asterisk:open_source:1.4.23 cpe:/a:asterisk:open_source:1.2.16:netsec cpe:/a:asterisk:open_source:1.6.0.3 cpe:/a:asterisk:open_source:1.4.19:rc3 cpe:/a:asterisk:open_source:1.6.0.3:rc1 cpe:/a:asterisk:open_source:1.2.25:netsec cpe:/a:asterisk:open_source:1.6.0:beta1 cpe:/a:asterisk:open_source:1.4.21 cpe:/a:asterisk:open_source:1.4.18.1 cpe:/a:asterisk:open_source:1.2.21.1 cpe:/a:asterisk:open_source:1.4.12 cpe:/a:asterisk:open_source:1.2.20:netsec cpe:/a:asterisk:open_source:1.4.21:rc1 cpe:/a:asterisk:open_source:1.4.12.1 cpe:/a:asterisk:open_source:1.4.11 cpe:/a:asterisk:open_source:1.4.22 cpe:/a:asterisk:open_source:1.2.13:netsec cpe:/a:asterisk:open_source:1.4.16.1 cpe:/a:asterisk:open_source:1.2.3 cpe:/a:asterisk:open_source:1.2.0:rc2 cpe:/a:asterisk:open_source:1.2.0:beta2 cpe:/a:asterisk:open_source:1.2.23:netsec cpe:/a:asterisk:asterisk_business_edition:b.2.3.2 cpe:/a:asterisk:open_source:1.4.0:beta4 cpe:/a:asterisk:open_source:1.4.17 cpe:/a:asterisk:open_source:1.4.21.1 cpe:/a:asterisk:open_source:1.4.13 cpe:/a:asterisk:asterisk_business_edition:b.2.5.1 cpe:/a:asterisk:open_source:1.4.21.2 cpe:/a:asterisk:open_source:1.2.26.1:netsec cpe:/a:asterisk:open_source:1.6.0:beta7 cpe:/a:asterisk:open_source:1.4.10.1 cpe:/a:asterisk:open_source:1.4.19.2 cpe:/a:asterisk:open_source:1.4.23:rc3 cpe:/a:asterisk:open_source:1.6.0:rc5 cpe:/a:asterisk:open_source:1.4.10 cpe:/a:asterisk:open_source:1.4.22.2 cpe:/a:asterisk:open_source:1.4.16 cpe:/a:asterisk:open_source:1.2.30 cpe:/a:asterisk:open_source:1.2.20 cpe:/a:asterisk:open_source:1.4.7 cpe:/a:asterisk:open_source:1.4.2 cpe:/a:asterisk:open_source:1.2.18 cpe:/a:asterisk:open_source:1.2.26.2:netsec cpe:/a:asterisk:open_source:1.4.1 cpe:/a:asterisk:open_source:1.6.0:rc4 cpe:/a:asterisk:open_source:1.2.26.2 cpe:/a:asterisk:open_source:1.2.14 cpe:/a:asterisk:open_source:1.2.0beta1 cpe:/a:asterisk:open_source:1.2.10:netsec cpe:/a:asterisk:open_source:1.2.17 cpe:/a:asterisk:open_source:1.2.12 cpe:/a:asterisk:open_source:1.2.30.2 cpe:/a:asterisk:asterisk_business_edition:b.2.3.6 cpe:/a:asterisk:open_source:1.2.30.4 cpe:/a:asterisk:open_source:1.2.30.3 cpe:/a:asterisk:open_source:1.2.24:netsec cpe:/a:asterisk:open_source:1.4beta cpe:/a:asterisk:open_source:1.4.20:rc3 cpe:/a:asterisk:open_source:1.2.18:netsec cpe:/a:asterisk:open_source:1.2.25 cpe:/a:asterisk:open_source:1.2.10 cpe:/a:asterisk:open_source:1.4.9 cpe:/a:asterisk:open_source:1.4.22:rc4 cpe:/a:asterisk:open_source:1.2.13 cpe:/a:asterisk:open_source:1.2.26.1 cpe:/a:asterisk:open_source:1.4.19:rc1 cpe:/a:asterisk:open_source:1.2.15:netsec cpe:/a:asterisk:open_source:1.2.1 cpe:/a:asterisk:asterisk_business_edition:b.2.3.5 cpe:/a:asterisk:open_source:1.6.0:beta9 cpe:/a:asterisk:open_source:1.2.24 cpe:/a:asterisk:asterisk_business_edition:b.1.3.3 cpe:/a:asterisk:open_source:1.6.0:beta8 cpe:/a:asterisk:open_source:1.2.15 cpe:/a:asterisk:open_source:1.2.12.1:netsec cpe:/a:asterisk:open_source:1.2.27 cpe:/a:asterisk:open_source:1.2.2 cpe:/a:asterisk:open_source:1.4.0:beta2 cpe:/a:asterisk:open_source:1.4.19:rc2 cpe:/a:asterisk:asterisk_business_edition:b.2.2.1 cpe:/a:asterisk:open_source:1.4.20 cpe:/a:asterisk:open_source:1.4.20:rc1 cpe:/a:asterisk:open_source:1.2.12:netsec cpe:/a:asterisk:open_source:1.6.0:beta5 cpe:/a:asterisk:open_source:1.2.0:beta1 cpe:/a:asterisk:open_source:1.6.0.2 cpe:/a:asterisk:asterisk_business_edition:b.2.5.3 cpe:/a:asterisk:open_source:1.4.4 cpe:/a:asterisk:asterisk_business_edition:b.2.3.3 cpe:/a:asterisk:asterisk_business_edition:b.2.5.2 cpe:/a:asterisk:asterisk_business_edition:a cpe:/a:asterisk:open_source:1.2.3:netsec cpe:/a:asterisk:open_source:1.4.0:beta3 cpe:/a:asterisk:open_source:1.2.0:rc1 cpe:/a:asterisk:open_source:1.2.12.1 cpe:/a:asterisk:open_source:1.2.28 cpe:/a:asterisk:open_source:1.4.19:rc4 cpe:/a:asterisk:open_source:1.2.19:netsec cpe:/a:asterisk:open_source:1.2.16 cpe:/a:asterisk:open_source:1.2.11:netsec cpe:/a:asterisk:open_source:1.4.18 cpe:/h:asterisk:s800i_appliance:1.2 cpe:/a:asterisk:open_source:1.4.5 cpe:/a:asterisk:open_source:1.4.23:rc1 cpe:/a:asterisk:open_source:1.2.26:netsec cpe:/a:asterisk:open_source:1.6.0:beta3 cpe:/a:asterisk:open_source:1.2.11 cpe:/a:asterisk:open_source:1.4.19 cpe:/a:asterisk:asterisk_business_edition:b.2.2.0 cpe:/a:asterisk:open_source:1.2.0 cpe:/a:asterisk:open_source:1.2.23 cpe:/a:asterisk:open_source:1.4.0 cpe:/a:asterisk:open_source:1.6.0:beta2 cpe:/a:asterisk:open_source:1.4.23:rc2 cpe:/a:asterisk:open_source:1.2.22 cpe:/a:asterisk:open_source:1.4.19.1 cpe:/a:asterisk:open_source:1.6.0:beta7.1 cpe:/a:asterisk:asterisk_business_edition:b.2.3.1 cpe:/a:asterisk:open_source:1.4.14 cpe:/a:asterisk:open_source:1.6.0:rc6 cpe:/a:asterisk:open_source:1.2.29 cpe:/a:asterisk:open_source:1.4.20:rc2 cpe:/a:asterisk:open_source:1.2.22:netsec cpe:/a:asterisk:open_source:1.4.3 cpe:/a:asterisk:asterisk_business_edition:b.2.5.0 cpe:/a:asterisk:asterisk_business_edition:b.2.3.4 cpe:/a:asterisk:open_source:1.4.15 cpe:/a:asterisk:open_source:1.4_revision_95946 cpe:/a:asterisk:open_source:1.2.26 cpe:/a:asterisk:open_source:1.2.21 cpe:/a:asterisk:asterisk_business_edition:b.1.3.2 cpe:/a:asterisk:open_source:1.2.2:netsec cpe:/a:asterisk:open_source:1.2.17:netsec cpe:/a:asterisk:open_source:1.4.22:rc3 cpe:/a:asterisk:open_source:1.4.7.1 cpe:/a:asterisk:open_source:1.2.21.1:netsec cpe:/a:asterisk:open_source:1.2.14:netsec cpe:/a:asterisk:open_source:1.2.0beta2 cpe:/a:asterisk:open_source:1.2.19 cpe:/a:asterisk:open_source:1.6.0:beta4 cpe:/a:asterisk:open_source:1.2.21:netsec cpe:/a:asterisk:open_source:1.4.16.2 cpe:/a:asterisk:open_source:1.4.6 cpe:/a:asterisk:asterisk_business_edition:c.1.0:beta7 cpe:/a:asterisk:open_source:1.4.22.1 cpe:/a:asterisk:open_source:1.4.21:rc2 cpe:/a:asterisk:asterisk_business_edition:c.1.0:beta8 CVE-2009-0041 2009-01-14T18:30:00.187-05:00 2011-03-07T22:17:48.813-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-15T09:43:00.000-05:00 BID 33174 VUPEN ADV-2009-0063 SECTRACK 1021549 BUGTRAQ 20090108 AST-2009-001: Information leak in IAX2 authentication DEBIAN DSA-1952 SREASON 4910 GENTOO GLSA-200905-01 SECUNIA 37677 SECUNIA 34982 SECUNIA 33453 CONFIRM http://downloads.digium.com/pub/security/AST-2009-001.html IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. cpe:/a:ca:arcserve_client_agent:_nil_:_nil_:windows cpe:/a:ca:network_and_systems_management:r11.1 cpe:/a:ca:protection_suites:r2 cpe:/a:ca:secure_content_manager:8.1 cpe:/a:ca:common_services:11 cpe:/a:ca:anti-virus:2008 cpe:/a:ca:etrust_ez_antivirus:r6.1 cpe:/a:ca:threat_manager_for_the_enterprise:r8 cpe:/a:ca:secure_content_manager:8.0 cpe:/a:ca:anti-virus:2007:8 cpe:/a:ca:internet_security_suite_plus_2008 cpe:/a:ca:anti-virus_sdk cpe:/a:ca:common_services:11.1 cpe:/a:ca:anti-spyware:2007 cpe:/a:ca:anti-spyware:2008 cpe:/a:ca:anti-virus_for_the_enterprise:8.1 cpe:/a:ca:anti-spyware_for_the_enterprise:r8 cpe:/a:ca:internet_security_suite_2007:3 cpe:/a:ca:antivirus_gateway:7.1 cpe:/a:ca:etrust_intrusion_detection:2.0:sp1 cpe:/a:ca:etrust_intrusion_detection:4.0 cpe:/a:ca:network_and_systems_management:r3.0 cpe:/a:ca:threat_manager_for_the_enterprise:8.1 cpe:/a:ca:network_and_systems_management:r3.1 cpe:/a:ca:arcserve_backup:r11.1:_nil_:linux cpe:/a:ca:etrust_ez_antivirus:r7 cpe:/a:ca:anti-virus_for_the_enterprise:r8 cpe:/a:ca:protection_suites:r3.1 cpe:/a:ca:anti-virus_for_the_enterprise:7.1 cpe:/a:ca:arcserve_backup:r12.0_nil_:windows cpe:/a:ca:network_and_systems_management:r11 cpe:/a:ca:protection_suites:r3 cpe:/a:ca:arcserve_backup:r11.1:_nil_:windows cpe:/a:ca:anti-spyware_for_the_enterprise:8.1 cpe:/a:ca:internet_security_suite_2008 cpe:/a:ca:arcserve_backup:r11.5_nil_:linux cpe:/a:ca:etrust_intrusion_detection:3.0:sp1 cpe:/a:ca:arcserve_backup:r11.5_nil_:windows cpe:/a:ca:etrust_intrusion_detection:3.0 CVE-2009-0042 2009-01-27T20:30:00.453-05:00 2011-03-07T22:17:48.953-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-28T11:30:00.000-05:00 ALLOWS_ADMIN_ACCESS XF ca-antivirus-engine-security-bypass(48261) VUPEN ADV-2009-0270 SECTRACK 1021639 BID 33464 BUGTRAQ 20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities CONFIRM http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. cpe:/a:ca:service_metric_analysis:r11.1 cpe:/a:ca:service_level_management:3.5 cpe:/a:ca:service_metric_analysis:r11.1:sp1 cpe:/a:ca:service_metric_analysis:r11.0 CVE-2009-0043 2009-01-08T14:30:11.250-05:00 2011-03-07T22:17:49.063-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-09T08:47:00.000-05:00 ALLOWS_ADMIN_ACCESS CONFIRM https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148 BID 33161 VUPEN ADV-2009-0053 BUGTRAQ 20090107 CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability SREASON 4887 CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. cpe:/a:sun:grid_engine:5.3:beta1 cpe:/a:sun:grid_engine:5.3 cpe:/a:sun:grid_engine:5.3:beta2 CVE-2009-0046 2009-01-07T13:30:01.453-05:00 2012-10-30T23:13:08.560-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-07T15:07:00.000-05:00 VUPEN ADV-2009-0045 BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses MISC http://www.ocert.org/advisories/ocert-2008-016.html Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:gale:gale:0.16 cpe:/a:gale:gale:0.15b cpe:/a:gale:gale:0.90c cpe:/a:gale:gale:0.19a cpe:/a:gale:gale:0.15c cpe:/a:gale:gale:0.18 cpe:/a:gale:gale:0.90a cpe:/a:gale:gale:0.91a cpe:/a:gale:gale:0.18b cpe:/a:gale:gale:0.17a cpe:/a:gale:gale:0.21 cpe:/a:gale:gale:0.99 cpe:/a:gale:gale:0.90b cpe:/a:gale:gale:0.16a cpe:/a:gale:gale:0.19b cpe:/a:gale:gale:0.17 cpe:/a:gale:gale:0.18c cpe:/a:gale:gale:0.91b cpe:/a:gale:gale:0.19 cpe:/a:gale:gale:0.91 cpe:/a:gale:gale:0.15 cpe:/a:gale:gale:0.20a CVE-2009-0047 2009-01-07T13:30:13.280-05:00 2012-10-30T23:13:08.747-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-07T16:45:00.000-05:00 VUPEN ADV-2009-0046 BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses MISC http://www.ocert.org/advisories/ocert-2008-016.html Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:openevidence:openevidence:1.0.6 cpe:/a:openevidence:openevidence:1.0.5 CVE-2009-0048 2009-01-07T13:30:15.827-05:00 2012-10-30T23:13:08.950-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-07T16:57:00.000-05:00 VUPEN ADV-2009-0047 BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses MISC http://www.ocert.org/advisories/ocert-2008-016.html OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:eid:eidlib:2.6.0 CVE-2009-0049 2009-01-07T13:30:15.843-05:00 2012-10-30T23:13:09.187-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-07T17:01:00.000-05:00 BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses MISC http://www.ocert.org/advisories/ocert-2008-016.html SECUNIA 34029 SUSE SUSE-SR:2009:005 Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:entrouvert:lasso:2.0.0-1 cpe:/a:entrouvert:lasso:1.9.9.0 cpe:/a:entrouvert:lasso:2.2.1-0 CVE-2009-0050 2009-01-07T13:30:15.860-05:00 2012-10-30T23:13:09.373-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-01-07T17:07:00.000-05:00 XF openssl-dsa-verify-security-bypass(47837) BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses MISC http://www.ocert.org/advisories/ocert-2008-016.html Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:zxid:zxid:0.13 cpe:/a:zxid:zxid:0.10 cpe:/a:zxid:zxid:0.4 cpe:/a:zxid:zxid:0.6 cpe:/a:zxid:zxid:0.26 cpe:/a:zxid:zxid:0.12 cpe:/a:zxid:zxid:0.16 cpe:/a:zxid:zxid:0.2 cpe:/a:zxid:zxid:0.9 cpe:/a:zxid:zxid:0.28 cpe:/a:zxid:zxid:0.8 cpe:/a:zxid:zxid:0.11 cpe:/a:zxid:zxid:0.17 cpe:/a:zxid:zxid:0.21 cpe:/a:zxid:zxid:0.1 cpe:/a:zxid:zxid:0.15 cpe:/a:zxid:zxid:0.22 cpe:/a:zxid:zxid:0.25 cpe:/a:zxid:zxid:0.20 cpe:/a:zxid:zxid:0.14 cpe:/a:zxid:zxid:0.7 cpe:/a:zxid:zxid:0.18 cpe:/a:zxid:zxid:0.27 cpe:/a:zxid:zxid:0.5 cpe:/a:zxid:zxid:0.29 cpe:/a:zxid:zxid:0.3 cpe:/a:zxid:zxid:0.19 CVE-2009-0051 2009-01-07T13:30:15.890-05:00 2012-10-30T23:13:09.577-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-07T17:28:00.000-05:00 XF openssl-dsa-verify-security-bypass(47837) BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses MISC http://www.ocert.org/advisories/ocert-2008-016.html ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/h:atheros:ar9160-bc1a_chipset cpe:/a:netgear:wndap330_firmware:2.1.11 CVE-2009-0052 2009-11-12T18:30:00.577-05:00 2012-01-05T00:00:00.000-05:00 5.5 ADJACENT_NETWORK LOW SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov 2009-11-13T08:57:00.000-05:00 XF netgear-wndap330-frame-dos(54216) VUPEN ADV-2009-3212 BID 36991 BUGTRAQ 20091110 Atheros Driver Reserved Frame Vulnerability OSVDB 59880 SECUNIA 37344 The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_postx:6.2.2.2 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 CVE-2009-0053 2009-01-16T16:30:03.407-05:00 2011-03-07T22:17:49.813-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-19T15:04:00.000-05:00 VUPEN ADV-2009-0140 BID 33268 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities SECTRACK 1021593 SECUNIA 33479 OSVDB 51395 PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_postx:6.2.2.2 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 CVE-2009-0054 2009-01-16T16:30:03.437-05:00 2011-03-07T22:17:49.923-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-19T15:18:00.000-05:00 VUPEN ADV-2009-0140 BID 33268 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities SECTRACK 1021593 SECUNIA 33479 OSVDB 51396 PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_postx:6.2.2.2 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 CVE-2009-0055 2009-01-16T16:30:03.453-05:00 2011-03-07T22:17:50.017-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-19T15:27:00.000-05:00 VUPEN ADV-2009-0140 BID 33268 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities SECTRACK 1021594 SECUNIA 33479 OSVDB 51397 Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors. cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_postx:6.2.2.2 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 CVE-2009-0056 2009-01-16T16:30:03.467-05:00 2011-03-07T22:17:50.127-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-19T15:30:00.000-05:00 VUPEN ADV-2009-0140 BID 33268 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities SECTRACK 1021594 SECUNIA 33479 OSVDB 51398 Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action. cpe:/a:cisco:unified_communications_manager:5.1:5.1%281%29 cpe:/a:cisco:unified_communications_manager:6.0_1 cpe:/a:cisco:unified_communications_manager:5.0_3 cpe:/a:cisco:unified_communications_manager:5.1:%281%29 cpe:/a:cisco:unified_communications_manager:5.0_2 cpe:/a:cisco:unified_communications_manager:6.0 cpe:/a:cisco:unified_communications_manager:5.0 cpe:/a:cisco:unified_communications_manager:5.1:5.1_%282a%29 cpe:/a:cisco:unified_communications_manager:5.1:%282%29 cpe:/a:cisco:unified_communications_manager:5.0_4a cpe:/a:cisco:unified_communications_manager:5.1_2a cpe:/a:cisco:unified_communications_manager:6.1.0 cpe:/a:cisco:unified_communications_manager:6.1 cpe:/a:cisco:unified_communications_manager:5.1_1 cpe:/a:cisco:unified_communications_manager:5.1:%283a%29 cpe:/a:cisco:unified_communications_manager:6.0:%281%29 cpe:/a:cisco:unified_communications_manager:5.1:%282a%29 cpe:/a:cisco:unified_communications_manager:5.0_4a_su1 cpe:/a:cisco:unified_communications_manager:5.0_4 cpe:/a:cisco:unified_communications_manager:5.1_%282a%29 cpe:/a:cisco:unified_communications_manager:5.1_2 cpe:/a:cisco:unified_communications_manager:6.1%282%29 cpe:/a:cisco:unified_communications_manager:6.0:%281a%29 cpe:/a:cisco:unified_communications_manager:5.1%283c%29 cpe:/a:cisco:unified_communications_manager:6.1:%281a%29 cpe:/a:cisco:unified_communications_manager:5.0_3a cpe:/a:cisco:unified_communications_manager:5.1_3a cpe:/a:cisco:unified_communications_manager:5.1 cpe:/a:cisco:unified_communications_manager:6.1_1a cpe:/a:cisco:unified_communications_manager:5.0_1 cpe:/a:cisco:unified_communications_manager:6.0_1a cpe:/a:cisco:unified_communications_manager:5.1.2 cpe:/a:cisco:unified_communications_manager:5.1:%282b%29 cpe:/a:cisco:unified_communications_manager:5.1%282%29 cpe:/a:cisco:unified_communications_manager:5.1%281%29 cpe:/a:cisco:unified_communications_manager:5.1_2b CVE-2009-0057 2009-01-22T13:30:03.813-05:00 2011-03-07T22:17:50.220-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-01-22T14:22:00.000-05:00 XF cucm-capf-dos-var1(48139) VUPEN ADV-2009-0213 SECTRACK 1021620 BID 33379 CISCO 20090121 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability SECUNIA 33588 The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." cpe:/h:cisco:4400_wireless_lan_controller:4.2 cpe:/h:cisco:wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.1 cpe:/h:cisco:wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:4400_wireless_lan_controller:4.1 cpe:/h:cisco:wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:4400_wireless_lan_controller:5.2 CVE-2009-0058 2009-02-04T19:30:00.267-05:00 2009-03-06T01:49:09.127-05:00 6.1 ADJACENT_NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-02-05T12:01:00.000-05:00 SECTRACK 1021679 BID 33608 CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers SECUNIA 33749 The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner. cpe:/h:cisco:4400_wireless_lan_controller:4.2 cpe:/h:cisco:wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.1 cpe:/h:cisco:wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:4400_wireless_lan_controller:4.1 cpe:/h:cisco:wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:4400_wireless_lan_controller:5.2 CVE-2009-0059 2009-02-04T19:30:00.280-05:00 2009-03-06T01:49:09.233-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-02-05T11:57:00.000-05:00 SECTRACK 1021679 BID 33608 CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers SECUNIA 33749 The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html. cpe:/h:cisco:4400_wireless_lan_controller:4.2 cpe:/h:cisco:wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:4400_wireless_lan_controller:5.0 cpe:/h:cisco:wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:5.0 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:4400_wireless_lan_controller:4.1 cpe:/h:cisco:wireless_lan_controller:5.0 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:5.0 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:5.0 CVE-2009-0061 2009-02-04T19:30:00.297-05:00 2009-03-06T01:49:09.377-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-02-05T12:15:00.000-05:00 SECTRACK 1021679 BID 33608 CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers SECUNIA 33749 Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets. cpe:/h:cisco:catalyst_6500_wireless_services_modules:4.2 cpe:/h:cisco:wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0 cpe:/h:cisco:wireless_lan_controller:4.2.173.0 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 CVE-2009-0062 2009-02-04T19:30:00.327-05:00 2009-03-06T01:49:09.500-05:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-05T12:39:00.000-05:00 ALLOWS_ADMIN_ACCESS SECTRACK 1021678 BID 33608 CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers SECUNIA 33749 Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels. cpe:/h:symantec:brightmail_gateway_appliance:7.5 cpe:/h:symantec:brightmail_gateway_appliance:7.6 cpe:/h:symantec:brightmail_gateway_appliance:8.0 cpe:/h:symantec:brightmail_gateway_appliance:7.7 CVE-2009-0063 2009-04-24T11:30:00.187-04:00 2013-02-06T23:13:43.563-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-04-24T13:46:00.000-04:00 VUPEN ADV-2009-1155 SECTRACK 1022116 XF brightmail-controlcenter-xss(50074) CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01 BID 34641 SECUNIA 34885 OSVDB 53944 Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. cpe:/h:symantec:brightmail_gateway_appliance:7.5 cpe:/h:symantec:brightmail_gateway_appliance:7.6 cpe:/h:symantec:brightmail_gateway_appliance:8.0 cpe:/h:symantec:brightmail_gateway_appliance:7.7 CVE-2009-0064 2009-04-24T11:30:00.203-04:00 2013-02-06T23:13:43.767-05:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-24T13:55:00.000-04:00 VUPEN ADV-2009-1155 SECTRACK 1022117 XF brightmail-consolescripts-priv-escalation(50075) CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01 BID 34639 SECUNIA 34885 OSVDB 53945 Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions. cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.24.1 CVE-2009-0065 2009-01-07T14:30:00.280-05:00 2012-03-19T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-08T07:55:00.000-05:00 ALLOWS_ADMIN_ACCESS FEDORA FEDORA-2009-0816 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=478800 VUPEN ADV-2009-2193 VUPEN ADV-2009-0029 UBUNTU USN-751-1 SECTRACK 1022698 BID 33113 REDHAT RHSA-2009:1055 REDHAT RHSA-2009:0331 REDHAT RHSA-2009:0053 MLIST [oss-security] 20090105 CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID DEBIAN DSA-1794 DEBIAN DSA-1787 DEBIAN DSA-1749 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm SECUNIA 36191 SECUNIA 35394 SECUNIA 35390 SECUNIA 35174 SECUNIA 35011 SECUNIA 34981 SECUNIA 34762 SECUNIA 34680 SECUNIA 34394 SECUNIA 34252 SECUNIA 33858 SECUNIA 33854 SECUNIA 33674 REDHAT RHSA-2009:0264 CONFIRM http://patchwork.ozlabs.org/patch/15024/ SUSE SUSE-SA:2009:031 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:010 HP SSSRT090149 HP SSSRT090149 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95 Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. cpe:/a:intel:trusted_execution_technology:_nil_ CVE-2009-0066 2009-01-07T14:30:00.297-05:00 2009-01-08T00:00:00.000-05:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-08T08:52:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 33119 MISC http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html MISC http://invisiblethingslab.com/press/itl-press-2009-01.pdf MISC http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Wojtczuk Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. cpe:/a:freedesktop:xdg-utils:1.0 CVE-2009-0068 2009-01-07T14:30:00.313-05:00 2009-02-10T01:59:42.920-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-08T08:38:00.000-05:00 ALLOWS_OTHER_ACCESS MISC https://bugs.freedesktop.org/show_bug.cgi?id=19377 BID 33137 MLIST [oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:solaris:10::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:solaris:10::x86 cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_11::sparc CVE-2009-0069 2009-01-07T15:30:00.467-05:00 2011-03-07T22:17:51.203-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-01-08T09:26:00.000-05:00 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-139466-02-1 XF solaris-nfs4client-dos(47750) VUPEN ADV-2009-0030 SECTRACK 1021519 BID 33128 SUNALERT 248566 SECUNIA 33361 MLIST [onnv-notify] 20081021 6300710 recursive mutex_enter in nfs4rename_persistent_fh() Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors. cpe:/a:apple:safari CVE-2009-0070 2009-01-08T14:30:11.280-05:00 2009-01-29T02:00:57.390-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-09T09:01:00.000-05:00 ALLOWS_ADMIN_ACCESS XF safari-array-memory-disclosure(48214) MILW0RM 7673 Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307. cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0.5 CVE-2009-0071 2009-01-08T14:30:11.297-05:00 2009-03-25T00:00:00.000-04:00 2.6 NETWORK HIGH NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-01-09T10:12:00.000-05:00 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=472507 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=456727 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=448329 BID 33154 MILW0RM 8219 MILW0RM 8091 FULLDISC 20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState FULLDISC 20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState FULLDISC 20090107 Firefox 3.0.5 remote vulnerability via queryCommandState Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected. cpe:/a:microsoft:internet_explorer:6:sp1 cpe:/a:microsoft:internet_explorer:6:sp2 cpe:/a:microsoft:internet_explorer:7 cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:8:beta2 cpe:/a:microsoft:internet_explorer:8:beta1 CVE-2009-0072 2009-01-08T14:30:11.313-05:00 2009-01-09T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-01-09T10:49:00.000-05:00 XF ie-javascript-screen-dos(47788) BID 33149 MISC http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details/ Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. cpe:/a:microsoft:internet_explorer:7 CVE-2009-0075 2009-02-10T17:30:00.250-05:00 2010-03-30T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-11T09:56:00.000-05:00 CERT TA09-041A MS MS09-002 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-011/ VUPEN ADV-2009-0389 BID 33627 MILW0RM 8082 MILW0RM 8080 MILW0RM 8079 MILW0RM 8077 OSVDB 51839 Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." cpe:/a:microsoft:internet_explorer:7 CVE-2009-0076 2009-02-10T17:30:00.267-05:00 2009-03-06T01:49:11.187-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-11T10:15:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA09-041A MS MS09-002 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-012/ VUPEN ADV-2009-0389 Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability." cpe:/a:microsoft:internet_security_and_acceleration_server:2004:sp3:enterprise cpe:/a:microsoft:internet_security_and_acceleration_server:2004:sp3:standard cpe:/a:microsoft:forefront_threat_management_gateway:-:-:medium_business cpe:/a:microsoft:internet_security_and_acceleration_server:2006:sp1 cpe:/a:microsoft:internet_security_and_acceleration_server:2006:supportability CVE-2009-0077 2009-04-15T04:00:00.267-04:00 2010-08-21T01:29:41.307-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-04-15T08:29:00.000-04:00 CERT TA09-104A MS MS09-016 VUPEN ADV-2009-1030 SECTRACK 1022045 SECUNIA 34687 OSVDB 53636 The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability." cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp::sp1 cpe:/o:microsoft:windows_server_2008:::32_bit cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0078 2009-04-15T04:00:00.327-04:00 2010-08-21T01:29:41.447-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T08:39:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-104A MS MS09-012 VUPEN ADV-2009-1026 SECTRACK 1022044 OSVDB 53666 The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp2 CVE-2009-0079 2009-04-15T04:00:00.377-04:00 2010-08-21T01:29:41.570-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T09:02:00.000-04:00 CERT TA09-104A MS MS09-012 VUPEN ADV-2009-1026 SECTRACK 1022044 OSVDB 53667 The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." cpe:/o:microsoft:windows_server:2008:-:x32 cpe:/o:microsoft:windows_server:2008:-:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_server:2008:-:itanium cpe:/o:microsoft:windows_vista::sp1 CVE-2009-0080 2009-04-15T04:00:00.407-04:00 2010-08-21T01:29:41.727-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T09:14:00.000-04:00 CERT TA09-104A MS MS09-012 VUPEN ADV-2009-1026 SECTRACK 1022044 OSVDB 53668 The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0081 2009-03-10T16:30:00.343-04:00 2010-08-21T01:29:41.867-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-11T08:26:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-069A MS MS09-006 VUPEN ADV-2009-0659 SECTRACK 1021826 BID 34012 CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm SECUNIA 34117 OSVDB 52522 The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0082 2009-03-10T16:30:01.483-04:00 2010-08-21T01:29:41.993-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-11T08:47:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-069A VUPEN ADV-2009-0659 SECTRACK 1021827 BID 34027 MS MS09-006 CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm SECUNIA 34117 OSVDB 52523 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0083 2009-03-10T16:30:06.500-04:00 2010-08-21T01:29:42.133-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-11T08:52:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-069A MS MS09-006 VUPEN ADV-2009-0659 SECTRACK 1021827 BID 34025 CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm SECUNIA 34117 OSVDB 52524 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." cpe:/a:microsoft:directx:9.0a cpe:/a:microsoft:directx:9.0 cpe:/a:microsoft:directx:9.0b cpe:/a:microsoft:directx:9.0c cpe:/a:microsoft:directx:8.1 CVE-2009-0084 2009-04-15T04:00:00.420-04:00 2010-08-21T01:29:42.257-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T09:18:00.000-04:00 CERT TA09-104A MS MS09-011 VUPEN ADV-2009-1025 SECTRACK 1022040 BID 34460 MISC http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm SECUNIA 34665 OSVDB 53632 Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0085 2009-03-10T16:30:06.530-04:00 2010-08-21T01:29:42.400-04:00 7.1 NETWORK MEDIUM NONE NONE COMPLETE NONE http://nvd.nist.gov 2009-03-11T08:59:00.000-04:00 CERT TA09-069A MS MS09-007 VUPEN ADV-2009-0660 SECTRACK 1021828 SECUNIA 34215 OSVDB 52521 The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2008:::32_bit cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0086 2009-04-15T04:00:00.453-04:00 2010-08-21T01:29:42.540-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T09:25:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-104A MS MS09-013 VUPEN ADV-2009-1027 SECTRACK 1022041 BID 34435 SECUNIA 34677 OSVDB 53620 Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability." cpe:/o:microsoft:windows_srv:2003:-:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_srv:2003:sp2:x64 cpe:/o:microsoft:windows_server:2003:sp1 cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_srv:2003:sp2:itanium cpe:/o:microsoft:windows_srv:2003:sp1:itanium cpe:/o:microsoft:windows_server:2003:sp2 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows:2000:sp4 cpe:/a:microsoft:office_word:2000:sp3 cpe:/o:microsoft:windows_xp::sp2 cpe:/a:microsoft:office_word:2002:sp3 CVE-2009-0087 2009-04-15T04:00:00.467-04:00 2010-08-21T01:29:42.680-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T09:38:00.000-04:00 CERT TA09-104A MS MS09-010 VUPEN ADV-2009-1024 SECTRACK 1022043 OSVDB 53662 Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/a:microsoft:office_word:2000:sp3 cpe:/a:microsoft:office_converter_pack:2003 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/a:microsoft:office_word:2002:sp3 CVE-2009-0088 2009-04-15T04:00:00.483-04:00 2010-08-21T01:29:42.867-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T09:41:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-104A MS MS09-010 VUPEN ADV-2009-1024 SECTRACK 1022043 OSVDB 53663 IDEFENSE 20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_vista::gold cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::x32 CVE-2009-0089 2009-04-15T04:00:00.517-04:00 2010-08-21T01:29:43.007-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2009-04-15T09:48:00.000-04:00 CERT TA09-104A MS MS09-013 VUPEN ADV-2009-1027 SECTRACK 1022041 BID 34437 SECUNIA 34677 Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/a:microsoft:.net_framework:3.5 cpe:/a:microsoft:.net_framework:3.5:sp1 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/a:microsoft:.net_framework:2.0:sp1 cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/a:microsoft:.net_framework:1.1:sp1 cpe:/a:microsoft:.net_framework:1.0:sp3 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/a:microsoft:.net_framework:2.0 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:x32 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/a:microsoft:.net_framework:2.0:sp2 CVE-2009-0090 2009-10-14T06:30:00.420-04:00 2010-08-21T01:29:43.150-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-14T09:03:00.000-04:00 CERT TA09-286A MS MS09-061 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/a:microsoft:.net_framework:3.5 cpe:/a:microsoft:.net_framework:3.5:sp1 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/a:microsoft:.net_framework:2.0:sp1 cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/a:microsoft:.net_framework:1.1:sp1 cpe:/a:microsoft:.net_framework:1.0:sp3 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/a:microsoft:.net_framework:2.0 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:x32 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/a:microsoft:.net_framework:2.0:sp2 CVE-2009-0091 2009-10-14T06:30:00.483-04:00 2010-08-21T01:29:43.273-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-14T10:30:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-286A MS MS09-061 Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0093 2009-03-11T10:19:15.233-04:00 2010-08-21T01:29:43.540-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2009-03-11T10:47:00.000-04:00 CERT TA09-069A MS MS09-008 VUPEN ADV-2009-0661 SECTRACK 1021830 BID 33989 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm SECUNIA 34217 OSVDB 52519 CONFIRM http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx MISC http://blog.ncircle.com/blogs/vert/archives/2009/03/successful_exploit_renders_mic.html Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2009-0094 2009-03-11T10:19:15.250-04:00 2010-08-21T01:29:43.697-04:00 5.5 NETWORK LOW SINGLE_INSTANCE NONE PARTIAL PARTIAL http://nvd.nist.gov 2009-03-11T10:54:00.000-04:00 CERT TA09-069A MS MS09-008 VUPEN ADV-2009-0661 SECTRACK 1021829 BID 34013 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm SECUNIA 34217 OSVDB 52520 CONFIRM http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692. cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp1 cpe:/a:microsoft:visio:2002:sp2 CVE-2009-0095 2009-02-10T17:30:00.280-05:00 2011-03-07T22:17:53.517-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-11T10:22:00.000-05:00 CERT TA09-041A MS MS09-005 VUPEN ADV-2009-0391 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp1 cpe:/a:microsoft:visio:2002:sp2 CVE-2009-0096 2009-02-10T17:30:00.313-05:00 2011-03-07T22:17:53.627-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-11T10:25:00.000-05:00 CERT TA09-041A VUPEN ADV-2009-0391 MS MS09-005 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp1 cpe:/a:microsoft:visio:2002:sp2 CVE-2009-0097 2009-02-10T17:30:00.327-05:00 2011-03-07T22:17:53.720-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-11T10:50:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA09-041A MS MS09-005 VUPEN ADV-2009-0391 Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007:sp1 CVE-2009-0098 2009-02-10T17:30:00.343-05:00 2009-03-04T01:48:28.127-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-11T10:59:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA09-041A MS MS09-003 SECUNIA 33838 OSVDB 51837 Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007:sp1 CVE-2009-0099 2009-02-10T17:30:00.377-05:00 2009-03-04T01:48:28.233-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-02-11T10:57:00.000-05:00 CERT TA09-041A MS MS09-003 SECUNIA 33838 OSVDB 51838 The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel:2002:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_excel_viewer:2003:sp3 CVE-2009-0100 2009-04-15T04:00:00.530-04:00 2010-08-21T01:29:44.257-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-15T10:07:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-104A MS MS09-009 VUPEN ADV-2009-1023 SECTRACK 1022039 BUGTRAQ 20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability MISC http://www.fortiguardcenter.com/advisory/FGA-2009-16.html OSVDB 53665 Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:project_server:2007:sp2 cpe:/a:microsoft:office_project:2007:sp1 cpe:/a:microsoft:office_project:2007:sp2 cpe:/a:microsoft:project_server:2003:sp3 cpe:/a:microsoft:project_portfolio_server:2007:sp2 cpe:/a:microsoft:project_portfolio_server:2007:sp1 cpe:/a:microsoft:project_server:2007:sp1 CVE-2009-0102 2009-12-09T13:30:00.203-05:00 2010-08-21T01:29:44.383-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-12-10T07:56:00.000-05:00 CERT TA09-342A MS MS09-074 Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." cpe:/a:playsms:playsms:0.9.3 CVE-2009-0103 2009-01-09T13:30:03.047-05:00 2009-01-29T02:00:58.250-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T15:02:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33138 MILW0RM 7687 SREASON 4888 SECUNIA 33386 Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php. cpe:/a:se-ed:ezpack:4.2:beta2 CVE-2009-0104 2009-01-09T13:30:03.063-05:00 2009-01-29T02:00:58.390-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T15:04:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33131 MILW0RM 7680 SREASON 4890 SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action. cpe:/a:se-ed:ezpack:4.2:beta2 CVE-2009-0105 2009-01-09T13:30:03.077-05:00 2009-01-29T02:00:58.610-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-01-09T15:15:00.000-05:00 BID 33131 MILW0RM 7680 SREASON 4890 Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. cpe:/a:phpauctions:phpauctions:_nil_ CVE-2009-0106 2009-01-09T13:30:03.093-05:00 2009-04-10T01:32:32.157-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T15:35:00.000-05:00 ALLOWS_OTHER_ACCESS XF phpauctions-profile-sql-injection(43264) BID 33115 SECUNIA 33331 OSVDB 51144 MILW0RM 7672 SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter. cpe:/a:phpauctions:phpauctions:_nil_ CVE-2009-0107 2009-01-09T13:30:03.127-05:00 2009-01-09T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-01-09T15:47:00.000-05:00 BID 33115 SECUNIA 33331 OSVDB 51145 MILW0RM 7672 Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. cpe:/a:phpauctions:phpauctions:_nil_ CVE-2009-0108 2009-01-09T13:30:03.140-05:00 2009-01-29T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T16:10:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33120 MILW0RM 7674 SREASON 4891 SECUNIA 33331 OSVDB 51146 PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. cpe:/a:riotpix:riotpix:.05 cpe:/a:riotpix:riotpix:0.51:beta cpe:/a:riotpix:riotpix:0.61 cpe:/a:riotpix:riotpix:0.5 cpe:/a:riotpix:riotpix:0.60 cpe:/a:riotpix:riotpix:0.52 CVE-2009-0109 2009-01-09T13:30:03.157-05:00 2009-01-29T02:00:59.250-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T16:15:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33132 MILW0RM 7682 SREASON 4892 SECUNIA 33395 SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. cpe:/a:riotpix:riotpix:.05 cpe:/a:riotpix:riotpix:0.51:beta cpe:/a:riotpix:riotpix:0.61 cpe:/a:riotpix:riotpix:0.5 cpe:/a:riotpix:riotpix:0.60 cpe:/a:riotpix:riotpix:0.52 CVE-2009-0110 2009-01-09T13:30:03.170-05:00 2009-01-29T02:00:59.467-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T16:38:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33129 MILW0RM 7679 SREASON 4893 SECUNIA 33395 SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. cpe:/a:goople_cms:goople_cms:1.8.2 CVE-2009-0111 2009-01-09T13:30:03.203-05:00 2009-01-29T02:00:59.640-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T16:49:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33135 MILW0RM 7683 SREASON 4894 SECUNIA 33393 SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. cpe:/a:expinion:poll_pro:3.0 CVE-2009-0112 2009-01-09T13:30:03.217-05:00 2009-01-29T02:00:59.860-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-09T17:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF pollpro-unspecified-csrf(47754) SREASON 4895 SECUNIA 33319 BUGTRAQ 20090103 PollPro 3.0 XSRF VuLn Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. cpe:/a:joomla:xstandard CVE-2009-0113 2009-01-09T13:30:03.233-05:00 2009-01-29T02:01:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-09T17:02:00.000-05:00 BID 33143 MILW0RM 7691 SREASON 4896 SECUNIA 33377 Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. cpe:/a:adobe:flash_player:cs4::pro cpe:/a:adobe:flex:3.0 cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:air:1.5 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:cs3::pro cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player_for_linux:10.0.15.3 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:7.0.63::linux cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:7.0.69.0 CVE-2009-0114 2009-02-26T11:17:19.797-05:00 2010-08-21T01:29:45.570-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2009-02-26T14:10:00.000-05:00 CERT TA09-133A VUPEN ADV-2009-0513 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-01.html XF flash-settings-manager-click-hijacking(48902) VUPEN ADV-2009-1297 VUPEN ADV-2009-0743 CONFIRM http://support.apple.com/kb/HT3549 SUNALERT 254909 SECTRACK 1021751 GENTOO GLSA-200903-23 SECUNIA 35074 SECUNIA 34293 SECUNIA 34226 APPLE APPLE-SA-2009-05-12 MISC http://isc.sans.org/diary.html?storyid=5929 Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." cpe:/a:christophe.varoqui:multipath-tools:0.4.8 CVE-2009-0115 2009-03-30T12:30:00.343-04:00 2010-08-21T01:29:45.710-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-30T13:15:00.000-04:00 FEDORA FEDORA-2009-3453 FEDORA FEDORA-2009-3449 VUPEN ADV-2010-0528 DEBIAN DSA-1767 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm SECUNIA 38794 SECUNIA 34759 SECUNIA 34710 SECUNIA 34694 SECUNIA 34642 SECUNIA 34418 MLIST [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates SUSE SUSE-SR:2009:008 SUSE SUSE-SR:2009:007 MISC http://launchpad.net/bugs/cve/2009-0115 CONFIRM http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0119 2009-01-14T18:30:04.377-05:00 2009-01-29T02:01:00.217-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-15T09:54:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 33204 MILW0RM 7720 SREASON 4912 Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file. cpe:/h:ibm:websphere_datapower_xml_security_gateway_xs40:3.6.1.5 CVE-2009-0120 2009-01-14T19:30:00.280-05:00 2011-03-07T22:17:55.453-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-01-15T10:53:00.000-05:00 VUPEN ADV-2009-0111 SECTRACK 1021547 BID 33169 BUGTRAQ 20090108 [IBM Datapower XS40] Denial of Service SREASON 4911 The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. cpe:/a:goople_cms:goople_cms:1.8.2 CVE-2009-0121 2009-01-14T19:30:00.327-05:00 2009-01-15T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-15T11:05:00.000-05:00 ALLOWS_OTHER_ACCESS SECUNIA 33393 SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:hp:hplip:2.8.2 cpe:/a:hp:hplip:2.7.7 CVE-2009-0122 2009-01-15T12:30:00.483-05:00 2009-01-31T01:54:38.047-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-16T09:36:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 33249 CONFIRM https://launchpad.net/bugs/191299 UBUNTU USN-708-1 SECUNIA 33539 hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. cpe:/a:apple:safari CVE-2009-0123 2009-01-15T12:30:00.500-05:00 2009-01-22T01:46:15.797-05:00 7.1 NETWORK MEDIUM NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-01-16T09:51:00.000-05:00 XF safari-rss-feed-info-disclosure(47917) SECTRACK 1021581 BID 33234 SECUNIA 33458 MISC http://isc.sans.org/diary.html?storyid=5689 MISC http://brian.mastenbrook.net/display/27 Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. cpe:/a:arrl:tqsllib:2.0 CVE-2009-0124 2009-01-15T12:30:00.530-05:00 2009-02-06T02:05:51.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T10:14:00.000-05:00 FEDORA FEDORA-2009-0543 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479650 SECUNIA 33543 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509 The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:finkproject:libnasl:2.2.11 CVE-2009-0125 2009-01-15T12:30:00.547-05:00 2009-02-10T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T10:42:00.000-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479655 VIM 20090120 CVE-2009-0125 (fwd) MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto SUSE SUSE-SR:2009:003 CONFIRM http://cvs.fedoraproject.org/viewvc/rpms/libnasl/F-10/libnasl.spec?r1=1.16&r2=1.17 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517 ** DISPUTED ** NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification." cpe:/a:berkeley:boinc_client:6.4.5 cpe:/a:berkeley:boinc_client:6.2.14 CVE-2009-0126 2009-01-15T12:30:00.563-05:00 2009-03-06T01:49:14.547-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T10:51:00.000-05:00 FEDORA FEDORA-2009-0578 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479664 SECUNIA 33828 SECUNIA 33806 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto SUSE SUSE-SR:2009:003 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521 CONFIRM http://boinc.berkeley.edu/trac/ticket/823 CONFIRM http://boinc.berkeley.edu/trac/changeset/16883 The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:heikkitoivonen:m2crypto:_nil_ CVE-2009-0127 2009-01-15T12:30:00.577-05:00 2009-01-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T11:21:00.000-05:00 MISC https://bugzilla.redhat.com/show_bug.cgi?id=479676 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515 ** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto." cpe:/a:llnl:slurm:_nil_ CVE-2009-0128 2009-01-15T12:30:00.610-05:00 2009-01-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T11:26:00.000-05:00 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511 plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:perl-openssl:libcrypt-openssl-dsa-perl:_nil_ CVE-2009-0129 2009-01-15T12:30:00.627-05:00 2009-01-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T11:33:00.000-05:00 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519 libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:erlang:erlang:_nil_ CVE-2009-0130 2009-01-15T12:30:00.640-05:00 2009-01-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T11:37:00.000-05:00 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520 ** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid." cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_67::x86 CVE-2009-0131 2009-01-15T12:30:00.657-05:00 2009-02-05T01:53:13.453-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-01-16T13:17:00.000-05:00 SECTRACK 1021600 BID 33267 SUNALERT 239188 CONFIRM http://bugs.opensolaris.org/view_bug.do?bug_id=6711995 The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call. cpe:/o:sun:solaris:8::x86 cpe:/o:sun:solaris:10::x86 cpe:/o:sun:opensolaris:::sparc cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:9::sparc cpe:/o:sun:solaris:9::x86 cpe:/o:sun:opensolaris:::x86 cpe:/o:sun:solaris:8::sparc CVE-2009-0132 2009-01-15T12:30:00.687-05:00 2011-03-07T22:17:56.563-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-01-16T14:04:00.000-05:00 BID 33188 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1 VUPEN ADV-2009-0099 MISC http://www.trapkit.de/advisories/TKADV2009-001.txt SECTRACK 1021553 SUNALERT 247986 SECUNIA 33516 Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument). cpe:/a:microsoft:html_help_workshop:4.74 CVE-2009-0133 2009-01-15T12:30:00.703-05:00 2009-01-29T02:01:03.547-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-16T14:07:00.000-05:00 MILW0RM 7727 SREASON 4914 Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564. cpe:/a:share2:easy_grid_control:3.51 CVE-2009-0134 2009-01-16T13:30:00.203-05:00 2009-01-29T02:01:03.767-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-16T16:29:00.000-05:00 XF easygrid-activex-dosavefile-file-overwrite(47946) BID 33272 MILW0RM 7779 SREASON 4913 SECUNIA 33537 Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. cpe:/a:amarok:amarok:2.0.1 cpe:/a:amarok:amarok:2.0 cpe:/a:amarok:amarok:1.4.10 CVE-2009-0135 2009-01-16T13:30:00.233-05:00 2011-03-07T22:17:56.847-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-19T10:40:00.000-05:00 ALLOWS_ADMIN_ACCESS FEDORA FEDORA-2009-0715 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479946 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479560 VUPEN ADV-2009-0100 UBUNTU USN-739-1 SECTRACK 1021558 BID 33210 BUGTRAQ 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities MANDRIVA MDVSA-2009:030 DEBIAN DSA-1706 CONFIRM http://websvn.kde.org/?view=rev&revision=908415 CONFIRM http://websvn.kde.org/?view=rev&revision=908401 CONFIRM http://websvn.kde.org/?view=rev&revision=908391 MISC http://trapkit.de/advisories/TKADV2009-002.txt SREASON 4915 GENTOO GLSA-200903-34 SECUNIA 34407 SECUNIA 34315 SECUNIA 33819 SECUNIA 33640 SECUNIA 33522 SECUNIA 33505 MLIST [oss-security] 20090114 CVE Request -- amarok SUSE SUSE-SR:2009:003 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=254896 CONFIRM http://amarok.kde.org/en/releases/2.0.1.1 Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow. cpe:/a:amarok:amarok:2.0.1 cpe:/a:amarok:amarok:2.0 cpe:/a:amarok:amarok:1.4.10 CVE-2009-0136 2009-01-16T13:30:00.250-05:00 2011-03-07T22:17:56.953-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-19T10:52:00.000-05:00 ALLOWS_ADMIN_ACCESS FEDORA FEDORA-2009-0715 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479946 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479560 VUPEN ADV-2009-0100 UBUNTU USN-739-1 SECTRACK 1021558 BID 33210 BUGTRAQ 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities MANDRIVA MDVSA-2009:030 DEBIAN DSA-1706 CONFIRM http://websvn.kde.org/?view=rev&revision=908415 CONFIRM http://websvn.kde.org/?view=rev&revision=908401 CONFIRM http://websvn.kde.org/?view=rev&revision=908391 MISC http://trapkit.de/advisories/TKADV2009-002.txt SREASON 4915 GENTOO GLSA-200903-34 SECUNIA 34407 SECUNIA 34315 SECUNIA 33819 SECUNIA 33640 SECUNIA 33522 SECUNIA 33505 MLIST [oss-security] 20090114 CVE Request -- amarok SUSE SUSE-SR:2009:003 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=254896 CONFIRM http://amarok.kde.org/en/releases/2.0.1.1 Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure. cpe:/a:apple:safari CVE-2009-0137 2009-02-12T19:30:05.000-05:00 2009-08-19T01:25:07.127-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T10:19:00.000-05:00 ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0138 2009-02-12T19:30:05.017-05:00 2011-03-07T22:17:57.157-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T10:22:00.000-05:00 ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 BID 33813 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0139 2009-02-12T19:30:05.030-05:00 2011-03-07T22:17:57.237-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T10:24:00.000-05:00 ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0140 2009-02-12T19:30:05.047-05:00 2011-03-07T22:17:57.347-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T10:25:00.000-05:00 APPLE APPLE-SA-2009-02-12 VUPEN ADV-2009-0422 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 CVE-2009-0141 2009-02-12T19:30:05.077-05:00 2011-03-07T22:17:57.437-05:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-02-13T10:52:00.000-05:00 XF macosx-xterm-information-disclosure(48727) VUPEN ADV-2009-0422 BID 33798 CONFIRM http://support.apple.com/kb/HT3438 SECTRACK 1021729 SECUNIA 33937 APPLE APPLE-SA-2009-02-12 XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0142 2009-02-12T18:30:01.110-05:00 2011-03-07T22:17:57.547-05:00 1.9 LOCAL MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-02-13T08:23:00.000-05:00 VUPEN ADV-2009-0422 BID 33812 BID 33759 CONFIRM http://support.apple.com/kb/HT3438 SECUNIA 33937 APPLE APPLE-SA-2009-02-12 Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." cpe:/a:apple:itunes:2.0.4:-:windows cpe:/a:apple:itunes:6.0.5:-:mac cpe:/a:apple:itunes:7.6.2:-:mac cpe:/a:apple:itunes:5.0.1:-:mac cpe:/a:apple:itunes:7.1.1:-:windows cpe:/a:apple:itunes:3.0::windows cpe:/a:apple:itunes:7.4.0:-:windows cpe:/a:apple:itunes:4.7.1:-:mac cpe:/a:apple:itunes:4.0::windows cpe:/a:apple:itunes:4.6.0:-:mac cpe:/a:apple:itunes:5.0.1:-:windows cpe:/a:apple:itunes:7.3.2:-:mac cpe:/a:apple:itunes:7.0.2:-:windows cpe:/a:apple:itunes:4.7.1:-:windows cpe:/a:apple:itunes:7.4.3::windows cpe:/a:apple:itunes:4.9.0:-:windows cpe:/a:apple:itunes:7.4.2::windows cpe:/a:apple:itunes:7.3.2:-:windows cpe:/a:apple:itunes:4.2.0:-:windows cpe:/a:apple:itunes:7.3.0:-:windows cpe:/a:apple:itunes:7.7.1::windows cpe:/a:apple:itunes:4.8.0:-:mac cpe:/a:apple:itunes:5.0.1::windows cpe:/a:apple:itunes:6.0.4:-:windows cpe:/a:apple:itunes:4.7::windows cpe:/a:apple:itunes:7.4.2:-:windows cpe:/a:apple:itunes:7.7.1:-:mac cpe:/a:apple:itunes:1.0:-:windows cpe:/a:apple:itunes:6.0.5:-:windows cpe:/a:apple:itunes:8.0.1:-:mac cpe:/a:apple:itunes:7.0.2::windows cpe:/a:apple:itunes:7.1.0:-:windows cpe:/a:apple:itunes:7.3.1:-:windows cpe:/a:apple:itunes:6.0.4::windows cpe:/a:apple:itunes:4.0.0:-:mac cpe:/a:apple:itunes:4.1.0:-:windows cpe:/a:apple:itunes:7.4::windows cpe:/a:apple:itunes:5.0.0:-:mac cpe:/a:apple:itunes:7.0.2:-:mac cpe:/a:apple:itunes:2.0:-:windows cpe:/a:apple:itunes:2.0.3:-:windows cpe:/a:apple:itunes:4.7.1::windows cpe:/a:apple:itunes:6.0.3:-:mac cpe:/a:apple:itunes:7.5::windows cpe:/a:apple:itunes:4.1.0:-:mac cpe:/a:apple:itunes:6.0.0:-:windows cpe:/a:apple:itunes:6.0.3::windows cpe:/a:apple:itunes:7.7::windows cpe:/a:apple:itunes:2.0.4:-:mac cpe:/a:apple:itunes:7.3.0:-:mac cpe:/a:apple:itunes:7.6.0:-:windows cpe:/a:apple:itunes:7.0.0:-:mac cpe:/a:apple:itunes:4.5.0:-:windows cpe:/a:apple:itunes:4.7.0:-:mac cpe:/a:apple:itunes:4.5::windows cpe:/a:apple:itunes:2.0.2:-:mac cpe:/a:apple:itunes:6.0.1:-:mac cpe:/a:apple:itunes:7.6.1::windows cpe:/a:apple:itunes:1.1.2:-:windows cpe:/a:apple:itunes:6.0.1:-:windows cpe:/a:apple:itunes:7.6.1:-:windows cpe:/a:apple:itunes:6.0.2::windows cpe:/a:apple:itunes:4.0.1::windows cpe:/a:apple:itunes:7.7.0:-:mac cpe:/a:apple:itunes:2.0.3:-:mac cpe:/a:apple:itunes:7.0.0:-:windows cpe:/a:apple:itunes:7.4.0:-:mac cpe:/a:apple:itunes:6.0.0:-:mac cpe:/a:apple:itunes:1.1.1:-:windows cpe:/a:apple:itunes:4.0.1:-:windows cpe:/a:apple:itunes:8.0:-:mac cpe:/a:apple:itunes:7.7.1:-:windows cpe:/a:apple:itunes:1.1.2:-:mac cpe:/a:apple:itunes:7.6.2:-:windows cpe:/a:apple:itunes:8.0.0:-:mac cpe:/a:apple:itunes:7.3.1:-:mac cpe:/a:apple:itunes:1.1.1:-:mac cpe:/a:apple:itunes:2.0.1:-:windows cpe:/a:apple:itunes:6.0.4:-:mac cpe:/a:apple:itunes:5.0.0:-:windows cpe:/a:apple:itunes:4.2.0:-:mac cpe:/a:apple:itunes:7.1.1:-:mac cpe:/a:apple:itunes:6.0.2:-:mac cpe:/a:apple:itunes:4.2::windows cpe:/a:apple:itunes:4.9::windows cpe:/a:apple:itunes:6.0.4.2::windows cpe:/a:apple:itunes:4.7.0:-:windows cpe:/a:apple:itunes:4.0.0:-:windows cpe:/a:apple:itunes:7.6.0:-:mac cpe:/a:apple:itunes:7.2.0:-:windows cpe:/a:apple:itunes:4.8::windows cpe:/a:apple:itunes:4.7.1.30::windows cpe:/a:apple:itunes:6.0.1::windows cpe:/a:apple:itunes:6.0::windows cpe:/a:apple:itunes:7.6.2::windows cpe:/a:apple:itunes:6.0.2:-:windows cpe:/a:apple:itunes:4.2.72::windows cpe:/a:apple:itunes:4.5.0:-:mac cpe:/a:apple:itunes:1.0:-:mac cpe:/a:apple:itunes:7.5.0:-:windows cpe:/a:apple:itunes:7.4.1:-:mac cpe:/a:apple:itunes:7.3.2::windows cpe:/a:apple:itunes:7.4.1:-:windows cpe:/a:apple:itunes:3.0.1::windows cpe:/a:apple:itunes:4.6::windows cpe:/a:apple:itunes:2.0.1:-:mac cpe:/a:apple:itunes:7.2.0:-:mac cpe:/a:apple:itunes:7.0.1:-:windows cpe:/a:apple:itunes:2.0:-:mac cpe:/a:apple:itunes:8.0.0:-:windows cpe:/a:apple:itunes:8.0::windows cpe:/a:apple:itunes:8.0.1:-:windows cpe:/a:apple:itunes:6.0.3:-:windows cpe:/a:apple:itunes:7.7.0:-:windows cpe:/a:apple:itunes:6.0.5::windows cpe:/a:apple:itunes:4.8.0:-:windows cpe:/a:apple:itunes:7.6.1:-:mac cpe:/a:apple:itunes:4.0.1:-:mac cpe:/a:apple:itunes:4.6.0:-:windows cpe:/a:apple:itunes:7.5.0:-:mac cpe:/a:apple:itunes:7.4.1::windows cpe:/a:apple:itunes:5.0::windows cpe:/a:apple:itunes:2.0.2:-:windows cpe:/a:apple:itunes:7.4.2:-:mac cpe:/a:apple:itunes:7.6::windows cpe:/a:apple:itunes:4.9.0:-:mac cpe:/a:apple:itunes:4.1::windows cpe:/a:apple:itunes:7.1.0:-:mac cpe:/a:apple:itunes:7.0.1:-:mac CVE-2009-0143 2009-03-14T14:30:00.437-04:00 2010-08-21T01:29:48.320-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-03-15T09:22:00.000-04:00 CONFIRM http://support.apple.com/kb/HT3487 APPLE APPLE-SA-2009-03-11 XF itunes-podcast-information-disclosure(49201) VUPEN ADV-2009-0702 BID 34094 SECTRACK 1021843 SECUNIA 34254 OSVDB 52579 Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/a:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.1 CVE-2009-0144 2009-05-13T11:30:00.250-04:00 2009-05-16T01:28:55.703-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-05-14T09:50:00.000-04:00 CERT TA09-133A CONFIRM http://support.apple.com/kb/HT3549 APPLE APPLE-SA-2009-05-12 XF macos-cfnetwork-info-disclosure(50479) VUPEN ADV-2009-1297 SECTRACK 1022214 BID 34926 SECUNIA 35074 CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.1 CVE-2009-0145 2009-05-13T11:30:00.280-04:00 2009-06-23T01:30:42.437-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-05-14T10:14:00.000-04:00 ALLOWS_OTHER_ACCESS CERT TA09-133A CONFIRM http://support.apple.com/kb/HT3549 APPLE APPLE-SA-2009-05-12 XF macos-coregraphics-pdf-code-execution(50481) VUPEN ADV-2009-1621 VUPEN ADV-2009-1522 VUPEN ADV-2009-1297 SECTRACK 1022209 BID 34926 CONFIRM http://support.apple.com/kb/HT3639 CONFIRM http://support.apple.com/kb/HT3613 SECUNIA 35379 SECUNIA 35074 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-06-08-1 CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.8 cpe:/a:foolabs:xpdf:3.02 cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:2.01 cpe:/a:apple:cups:1.3.11 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:foolabs:xpdf:2.00 cpe:/a:apple:cups:1.1.22 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.92c cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.2.9 cpe:/a:foolabs:xpdf:0.5 cpe:/a:apple:cups:1.1.6-2 cpe:/a:foolabs:xpdf:0.6 cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:1.00 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.1.9 cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.90 cpe:/a:foolabs:xpdf:1.00a cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:foolabs:xpdf:2.03 cpe:/a:apple:cups:1.1.10-1 cpe:/a:foolabs:xpdf:3.01 cpe:/a:apple:cups:1.2.7 cpe:/a:foolabs:xpdf:0.91 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.19 cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:0.2 cpe:/a:foolabs:xpdf:2.02 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.8 cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.7a cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:foolabs:xpdf:0.92 cpe:/a:apple:cups:1.1.6-1 cpe:/a:foolabs:xpdf:0.91a cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.1.4 cpe:/a:foolabs:xpdf:3.00 cpe:/a:foolabs:xpdf:0.93 cpe:/a:apple:cups:1.1.12 cpe:/a:foolabs:xpdf:1.01 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:foolabs:xpdf:0.4 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.3.2 cpe:/a:foolabs:xpdf:0.93b cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.2.2 cpe:/a:foolabs:xpdf:0.7 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.1.21 cpe:/a:foolabs:xpdf:0.3 cpe:/a:foolabs:xpdf:0.80 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.1.23 cpe:/a:foolabs:xpdf:0.92d cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.15 cpe:/a:foolabs:xpdf:0.93a cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.1 CVE-2009-0146 2009-04-23T13:30:01.547-04:00 2010-12-21T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-04-23T14:13:00.000-04:00 CERT TA09-133A REDHAT RHSA-2009:0430 FEDORA FEDORA-2009-6982 FEDORA FEDORA-2009-6973 FEDORA FEDORA-2009-6972 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490612 VUPEN ADV-2010-1040 VUPEN ADV-2009-1621 VUPEN ADV-2009-1297 VUPEN ADV-2009-1077 VUPEN ADV-2009-1066 VUPEN ADV-2009-1065 SECTRACK 1022073 BID 34568 BUGTRAQ 20090417 rPSA-2009-0059-1 poppler BUGTRAQ 20090417 rPSA-2009-0061-1 cups REDHAT RHSA-2009:0480 REDHAT RHSA-2009:0431 REDHAT RHSA-2009:0429 MANDRIVA MDVSA-2010:087 MANDRIVA MDVSA-2009:101 DEBIAN DSA-1793 DEBIAN DSA-1790 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0061 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0059 CONFIRM http://support.apple.com/kb/HT3639 CONFIRM http://support.apple.com/kb/HT3549 SLACKWARE SSA:2009-129-01 GENTOO GLSA-200904-20 SECUNIA 35685 SECUNIA 35618 SECUNIA 35074 SECUNIA 35065 SECUNIA 35064 SECUNIA 35037 SECUNIA 34991 SECUNIA 34963 SECUNIA 34959 SECUNIA 34852 SECUNIA 34756 SECUNIA 34755 SECUNIA 34481 SECUNIA 34291 REDHAT RHSA-2009:0458 SUSE SUSE-SR:2009:012 SUSE SUSE-SR:2009:010 SUSE SUSE-SA:2009:024 APPLE APPLE-SA-2009-05-12 APPLE APPLE-SA-2009-06-17-1 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=263028 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.8 cpe:/a:foolabs:xpdf:3.02 cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:2.01 cpe:/a:apple:cups:1.3.11 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:foolabs:xpdf:2.00 cpe:/a:apple:cups:1.1.22 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.92c cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.2.9 cpe:/a:foolabs:xpdf:0.5 cpe:/a:apple:cups:1.1.6-2 cpe:/a:foolabs:xpdf:0.6 cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:1.00 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.1.9 cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.90 cpe:/a:foolabs:xpdf:1.00a cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:foolabs:xpdf:2.03 cpe:/a:apple:cups:1.1.10-1 cpe:/a:foolabs:xpdf:3.01 cpe:/a:apple:cups:1.2.7 cpe:/a:foolabs:xpdf:0.91 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.19 cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:0.2 cpe:/a:foolabs:xpdf:2.02 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.8 cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.7a cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:foolabs:xpdf:0.92 cpe:/a:apple:cups:1.1.6-1 cpe:/a:foolabs:xpdf:0.91a cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.1.4 cpe:/a:foolabs:xpdf:3.00 cpe:/a:foolabs:xpdf:0.93 cpe:/a:apple:cups:1.1.12 cpe:/a:foolabs:xpdf:1.01 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:foolabs:xpdf:0.4 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.3.2 cpe:/a:foolabs:xpdf:0.93b cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.2.2 cpe:/a:foolabs:xpdf:0.7 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.3.5