Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-10-23 | CVE-2009-3765 | Cryptographic Issues vulnerability in Mutt 1.5.19/1.5.20 mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
| 2009-10-23 | CVE-2009-3622 | Cryptographic Issues vulnerability in Wordpress Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP. | 4.3 |
| 2009-10-23 | CVE-2009-3616 | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. | 9.9 |
| 2009-10-23 | CVE-2009-2281 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. | 10.0 |
| 2009-10-23 | CVE-2009-1297 | Link Following vulnerability in multiple products iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. | 4.4 |
| 2009-10-22 | CVE-2009-3409 | Remote vulnerability in Oracle PeopleSoft Enterprise Human Capital Management Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 3.6 |
| 2009-10-22 | CVE-2009-3408 | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 5.1 |
| 2009-10-22 | CVE-2009-3407 | Remote Portal vulnerability in Oracle Application Server 10.1.2.3/10.1.4.2 Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983. network oracle | 4.3 |
| 2009-10-22 | CVE-2009-3406 | JD Edwards Tools Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unknown vectors. low complexity oracle | 2.7 |
| 2009-10-22 | CVE-2009-3405 | Remote JD Edwards Tools vulnerability in Oracle JD Edwards Tools Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors. low complexity oracle | 4.1 |