Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-09-29 CVE-2009-3474 Cryptographic Issues vulnerability in Internet2 Opensaml, Shibboleth-Sp and Xmltooling
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
network
low complexity
internet2 CWE-310
7.5
2009-09-29 CVE-2009-3473 Remote Security vulnerability in IBM DB2 9.1
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
network
low complexity
ibm
critical
10.0
2009-09-29 CVE-2009-3472 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2009-09-29 CVE-2009-3471 Remote Security vulnerability in IBM DB2 8.0/9.1/9.5
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
network
low complexity
ibm
7.5
2009-09-29 CVE-2009-3470 Resource Management Errors vulnerability in IBM Informix Dynamic Server
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.
network
low complexity
ibm CWE-399
5.0
2009-09-29 CVE-2009-3469 Cross-Site Scripting vulnerability in IBM Lotus Connections 2.0.1
Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
network
ibm CWE-79
4.3
2009-09-29 CVE-2009-3468 Local Privilege Escalation vulnerability in Sun Solaris 10.0
Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Trusted Extensions is enabled, allow local users to execute arbitrary commands or bypass the Mandatory Access Control (MAC) policy via unknown vectors, related to a menu typo and the Style Manager.
local
sun
6.9
2009-09-29 CVE-2009-2905 Buffer Errors vulnerability in Fedorahosted Newt 0.51.5/0.51.6/0.52.2
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
local
low complexity
fedorahosted CWE-119
4.6
2009-09-29 CVE-2009-3457 Information Exposure vulnerability in Cisco ACE Web Application Firewall and ACE XML Gateway
Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.
network
low complexity
cisco CWE-200
5.0
2009-09-29 CVE-2009-3456 Cryptographic Issues vulnerability in Google Chrome
Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
network
low complexity
google CWE-310
7.5