CVE-2009-3946

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3946 - Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. ...
7 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago

CVE-2011-3946 - The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. ...
11 years ago

CVE-2012-3946 - Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of ...
10 years ago

CVE-2014-3946 - The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. ...
10 years ago

CVE-2015-3946 - Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. ...
9 years ago

CVE-2016-3946 - SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. ...
8 years ago

CVE-2006-3946 - WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a ...
7 years ago

CVE-2008-3946 - The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. ...
7 years ago

CVE-2010-3946 - Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka ...
6 years ago

CVE-2007-3946 - mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) ...
6 years ago

CVE-2019-3946 - Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. ...
5 years ago

CVE-2013-3946 - Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. ...
5 years ago

CVE-2020-3946 - InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). ...
3 years ago

CVE-2005-3946 - Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. ...
3 years ago

CVE-2022-3946 - The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. ...
2 years ago

CVE-2018-3946 - An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary ...
2 years ago

CVE-2023-3946 - ...
1 year ago

CVE-2017-3946 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

CVE-2024-3946 - The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...
9 months ago

CVE-2009-0795 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult ...
55 years ago Tenable.com

CVE-2009-4778 - Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow ...
14 years ago