2009 CVE Vulnerabilities
5,054 CVEs published in 2009.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2009-10007 | CRITICAL | 9.1 | 0.4% | Jun 9, 2026 | Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst... |
| CVE-2009-20007 | CRITICAL | 9.3 | 1.7% | Sep 16, 2025 | Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response string... |
| CVE-2009-20006 | CRITICAL | 9.3 | 1.1% | Sep 16, 2025 | osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (adm... |
| CVE-2009-20005 | CRITICAL | 9.3 | 1.3% | Sep 16, 2025 | A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability ... |
| CVE-2009-20011 | CRITICAL | 10 | 1.3% | Aug 30, 2025 | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote comman... |
| CVE-2009-20010 | CRITICAL | 9.3 | 1.6% | Aug 30, 2025 | Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail su... |
| CVE-2009-20009 | CRITICAL | 9.3 | 1.5% | Aug 30, 2025 | Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service aut... |
| CVE-2009-10006 | CRITICAL | 9.3 | 0.8% | Aug 22, 2025 | UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC clien... |
| CVE-2009-0948 | CRITICAL | 9.8 | 1.1% | Jun 2, 2021 | Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in fil... |
| CVE-2009-0947 | CRITICAL | 9.8 | 1.1% | Jun 2, 2021 | Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. |
| CVE-2009-1120 | CRITICAL | 9.8 | 7.4% | Jan 15, 2020 | EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists w... |
| CVE-2009-5043 | CRITICAL | 9.8 | 1.2% | Oct 31, 2019 | burn allows file names to escape via mishandled quotation marks |
| CVE-2009-5042 | CRITICAL | 9.1 | 1.1% | Oct 31, 2019 | python-docutils allows insecure usage of temporary files |
| CVE-2009-5041 | CRITICAL | 9.8 | 1.2% | Oct 31, 2019 | overkill has buffer overflow via long player names that can corrupt data on the server machine |
| CVE-2009-3887 | CRITICAL | 9.8 | 2.5% | Oct 29, 2019 | ytnef has directory traversal |
| CVE-2009-4899 | CRITICAL | 9.8 | 1.3% | Oct 28, 2019 | pixelpost 1.7.1 has SQL injection |
| CVE-2009-4013 | CRITICAL | 9.8 | 5.7% | Feb 2, 2010 | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before ... |
| CVE-2009-4491 | CRITICAL | 9.8 | 13.5% | Jan 13, 2010 | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers ... |
| CVE-2009-4488 | CRITICAL | 9.8 | 12.8% | Jan 13, 2010 | Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers ... |
| CVE-2009-4581 | CRITICAL | 9.8 | 5.2% | Jan 6, 2010 | Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is dis... |
| CVE-2009-2512 | CRITICAL | 9.8 | 31.2% | Nov 11, 2009 | The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not prope... |
| CVE-2009-3555 | CRITICAL | 9.8 | 87.3% | Nov 9, 2009 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS... |
| CVE-2009-3616 | CRITICAL | 9.9 | 3.9% | Oct 23, 2009 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users... |
| CVE-2009-3421 | CRITICAL | 9.8 | 5.0% | Sep 25, 2009 | login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authent... |
| CVE-2009-1048 | CRITICAL | 9.8 | 6.4% | Aug 14, 2009 | The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before ... |