CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2009(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4501 119 DoS Overflow 2009-12-31 2010-01-01
5.0
None Remote Low Not required None None Partial
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
2 CVE-2009-4500 119 DoS Overflow 2009-12-31 2010-01-12
5.0
None Remote Low Not required None None Partial
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.
3 CVE-2009-4484 119 1 DoS Exec Code Overflow Mem. Corr. 2009-12-30 2010-03-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
4 CVE-2009-4483 DoS 2009-12-30 2009-12-31
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
5 CVE-2009-4479 399 DoS Mem. Corr. 2009-12-30 2010-01-04
7.8
None Remote Low Not required None None Complete
LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
6 CVE-2009-4466 200 1 DoS +Info 2009-12-30 2009-12-30
5.0
None Remote Low Not required Partial None None
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption).
7 CVE-2009-4463 255 DoS 2009-12-30 2010-04-10
10.0
Admin Remote Low Not required Complete Complete Complete
Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
8 CVE-2009-4448 399 DoS 2009-12-29 2011-01-04
5.0
None Remote Low Not required None None Partial
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
9 CVE-2009-4443 DoS 2009-12-28 2010-06-13
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.
10 CVE-2009-4442 16 DoS 2009-12-28 2010-06-13
5.0
None Remote Low Not required None None Partial
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665.
11 CVE-2009-4441 DoS 2009-12-28 2010-06-13
5.0
None Remote Low Not required None None Partial
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659.
12 CVE-2009-4439 DoS 2009-12-28 2010-06-29
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.
13 CVE-2009-4420 119 DoS Overflow 2009-12-24 2009-12-31
7.8
None Remote Low Not required None None Complete
Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information.
14 CVE-2009-4418 189 DoS 2009-12-24 2009-12-28
5.0
None Remote Low Not required None None Partial
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
15 CVE-2009-4413 189 1 DoS Overflow 2009-12-24 2010-02-26
5.0
None Remote Low Not required None None Partial
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.
16 CVE-2009-4410 DoS 2009-12-24 2012-03-19
4.9
None Local Low Not required None None Complete
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors.
17 CVE-2009-4404 DoS 2009-12-23 2009-12-28
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from third party information.
18 CVE-2009-4378 DoS 2009-12-21 2012-01-13
4.3
None Remote Medium Not required None None Partial
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
19 CVE-2009-4377 DoS 2009-12-21 2010-08-21
4.3
None Remote Medium Not required None None Partial
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
20 CVE-2009-4376 119 DoS Exec Code Overflow 2009-12-21 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
21 CVE-2009-4362 119 DoS Overflow +Priv 2009-12-21 2009-12-22
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information.
22 CVE-2009-4361 119 DoS Overflow +Priv 2009-12-21 2009-12-22
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information.
23 CVE-2009-4334 264 DoS 2009-12-16 2010-06-29
4.6
User Local Low Not required Partial Partial Partial
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
24 CVE-2009-4332 DoS 2009-12-16 2010-06-29
5.0
None Remote Low Not required None None Partial
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.
25 CVE-2009-4329 DoS 2009-12-16 2009-12-17
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.
26 CVE-2009-4328 DoS 2009-12-16 2010-06-29
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.
27 CVE-2009-4327 20 DoS 2009-12-16 2010-06-29
5.0
None Remote Low Not required None None Partial
The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.
28 CVE-2009-4313 119 DoS Exec Code Overflow 2009-12-12 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
29 CVE-2009-4308 399 DoS 2009-12-12 2012-03-19
7.1
None Remote Medium Not required None None Complete
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
30 CVE-2009-4307 189 DoS 2009-12-12 2012-03-19
7.1
None Remote Medium Not required None None Complete
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
31 CVE-2009-4306 DoS 2009-12-12 2012-03-19
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.
32 CVE-2009-4294 DoS Exec Code 2009-12-11 2009-12-14
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
33 CVE-2009-4293 16 DoS 2009-12-10 2010-12-22
7.1
None Remote Medium Not required None None Complete
Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets.
34 CVE-2009-4270 119 DoS Exec Code Overflow 2009-12-21 2010-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
35 CVE-2009-4235 264 DoS +Info 2009-12-08 2009-12-31
6.9
None Local Medium Not required Complete Complete Complete
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.
36 CVE-2009-4228 399 DoS 2009-12-08 2011-01-20
4.3
None Remote Medium Not required None None Partial
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.
37 CVE-2009-4226 362 DoS 2009-12-08 2009-12-09
7.1
None Remote Medium Not required None None Complete
Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.
38 CVE-2009-4210 94 DoS Mem. Corr. 2009-12-12 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
39 CVE-2009-4190 DoS 2009-12-03 2009-12-04
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
40 CVE-2009-4186 119 1 DoS Overflow 2009-12-03 2009-12-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
41 CVE-2009-4171 119 DoS Overflow 2009-12-02 2009-12-04
4.3
None Remote Medium Not required None None Partial
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
42 CVE-2009-4144 310 DoS +Info 2009-12-23 2010-08-21
6.8
None Remote Medium Not required Partial Partial Partial
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
43 CVE-2009-4138 399 DoS 2009-12-16 2012-03-19
4.7
None Local Medium Not required None None Complete
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
44 CVE-2009-4118 1 DoS 2009-11-30 2012-10-25
2.1
None Local Low Not required None None Partial
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
45 CVE-2009-4117 119 DoS Exec Code Overflow 2009-11-30 2012-10-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.
46 CVE-2009-4114 20 DoS Mem. Corr. 2009-11-30 2009-12-01
4.9
None Local Low Not required None None Complete
kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.
47 CVE-2009-4108 119 DoS Overflow 2009-11-29 2009-12-01
4.0
None Remote Low Single system None None Partial
XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.
48 CVE-2009-4105 20 DoS 2009-11-29 2009-11-30
3.5
None Remote Medium Single system None None Partial
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.
49 CVE-2009-4103 119 DoS Exec Code Overflow 2009-11-29 2009-11-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
50 CVE-2009-4080 DoS 2009-11-29 2009-12-19
2.1
None Local Low Not required None None Partial
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.
Total number of vulnerabilities : 1035   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.