Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-22 | CVE-2009-3288 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. | 4.9 |
| 2009-09-22 | CVE-2009-3287 | Improper Input Validation vulnerability in Macournoyer Thin lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header. | 7.5 |
| 2009-09-22 | CVE-2009-3284 | Path Traversal vulnerability in PHPspot products Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2009-09-22 | CVE-2009-3283 | Cross-Site Scripting vulnerability in PHPspot products Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies. | 4.3 |
| 2009-09-21 | CVE-2009-3279 | Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack. | 4.9 |
| 2009-09-21 | CVE-2009-3278 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qnap Ts-239 PRO Firmware and Ts-639 PRO Firmware The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack. | 5.5 |
| 2009-09-21 | CVE-2009-3277 | Denial-Of-Service vulnerability in Datavault DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability. | 5.0 |
| 2009-09-21 | CVE-2009-3276 | Denial-Of-Service vulnerability in Corenet1 Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability. | 5.0 |
| 2009-09-21 | CVE-2009-3275 | USE of Externally-Controlled Format String vulnerability in Microsoft Enterprise Library 3.1/4.0/4.1 Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability. | 5.0 |
| 2009-09-21 | CVE-2009-3273 | Cryptographic Issues vulnerability in Apple Iphone OS iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | 7.5 |