CVE Vulnerabilities in 2009

8 documented vulnerabilities published in 2009.

Other years: 2026 2025 2024 2023 2022 2021 2020
Critical
2
High
5
Medium
1
Low
0
None
0

Top Affected Vendors in 2009

Microsoft 5 Ietf 1 Adobe 1 Apache 1

All CVEs from 2009

Recent Highest Score Oldest
CVE-2009-3555
9.8 critical

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple C

Apache Http Server Nov 9, 2009
CVE-2009-3459
8.8 high

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained f

Adobe Acrobat Oct 13, 2009
CVE-2009-2495
6.5 medium

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML docum

Microsoft Visual C\+\+ Jul 29, 2009
CVE-2009-2493
8.8 high

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly re

Microsoft Visual C\+\+ Jul 29, 2009
CVE-2009-0901
8.8 high

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClea

Microsoft Visual C\+\+ Jul 29, 2009
CVE-2009-1537
8.8 high

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited

Microsoft Directx May 29, 2009
CVE-2003-1567
7.5 high

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by usin

Microsoft Internet Information Services Jan 15, 2009
CVE-2004-2761
9.8 critical

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Ietf Md5 Jan 5, 2009