CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,274 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,555 researchers
110,849 results
CVE-2009-3238 5.5 MEDIUM EPSS 0.00
Linux kernel <2.6.30 - Info Disclosure
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
CWE-338 Sep 18, 2009
CVE-2009-3022 6.5 MEDIUM EPSS 0.00
Itd-inc Bingo!cms < 1.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.
CWE-352 Aug 31, 2009
CVE-2009-2857 5.5 MEDIUM EPSS 0.00
Oracle Opensolaris < snv_103 - Improper Locking
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.
CWE-667 Aug 19, 2009
CVE-2009-2055 5.9 MEDIUM KEV EPSS 0.00
Cisco IOS XR <3.8.1 - DoS
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
CWE-20 Aug 19, 2009
CVE-2009-2416 6.5 MEDIUM EPSS 0.00
libxml2/libxml <2.7 - Use After Free
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
CWE-416 Aug 11, 2009
CVE-2009-2408 5.9 MEDIUM EPSS 0.01
Mozilla NSS <3.12.3 - Info Disclosure
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
CWE-295 Jul 30, 2009
CVE-2009-1388 5.5 MEDIUM EPSS 0.00
Linux Kernel - Improper Locking
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.
CWE-667 Jul 05, 2009
CVE-2009-2216 6.1 MEDIUM 1 PoC Analysis EPSS 0.03
DirectAdmin <1.33.6 - XSS
Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
CWE-79 Jun 25, 2009
CVE-2009-2213 6.5 MEDIUM EPSS 0.00
Citrix NetScaler Access Gateway <9.0 - Auth Bypass
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CWE-863 Jun 25, 2009
CVE-2009-1961 4.7 MEDIUM 1 PoC Analysis EPSS 0.00
Linux kernel <2.6.30-rc3 - DoS
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
CWE-667 Jun 08, 2009
CVE-2009-0783 4.2 MEDIUM EPSS 0.00
Apache Tomcat <6.0.19 - Info Disclosure
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
CWE-200 Jun 05, 2009
CVE-2009-1466 5.5 MEDIUM EPSS 0.00
Klinzmann Application Access Server - Cleartext Storage
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
CWE-312 May 14, 2009
CVE-2009-1605 5.4 MEDIUM EPSS 0.07
Sumatrapdf < 0.9.3 - Memory Corruption
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.
CWE-119 May 11, 2009
CVE-2009-1596 6.5 MEDIUM EPSS 0.00
Igniterealtime Openfire < 3.6.5 - Authentication Bypass
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
CWE-287 May 11, 2009
CVE-2009-1243 5.5 MEDIUM EPSS 0.00
Linux Kernel < 2.6.29.1 - Improper Locking
net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure."
CWE-667 Apr 06, 2009
CVE-2009-1073 5.5 MEDIUM EPSS 0.00
Debian Nss-ldap < 0.6.8 - Incorrect Permission Assignment
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
CWE-732 Mar 31, 2009
CVE-2009-0935 5.5 MEDIUM EPSS 0.00
Linux Kernel < 2.6.27.13 - Improper Locking
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.
CWE-667 Mar 18, 2009
CVE-2009-0141 5.5 MEDIUM EPSS 0.00
XTerm <10.5.6 - Local Info Disclosure
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.
CWE-732 Feb 13, 2009
CVE-2008-5180 5.3 MEDIUM 2 PoCs Analysis EPSS 0.82
Microsoft Communicator - DoS
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
CWE-770 Nov 20, 2008
CVE-2008-4989 5.9 MEDIUM EPSS 0.00
Gnutls < 2.6.1 - Improper Certificate Validation
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
CWE-295 Nov 13, 2008