| | CVE-2009-0091 |  Microsoft | critical | 9.3 | 42.0%
| | Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality con… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-0555 | Microsoft | critical | 9.3 | 31.9%
| | Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice De… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-1547 | Microsoft | high | 8.8 | 29.7%
| | Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote att… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2497 | Microsoft | critical | 9.3 | 37.2%
| | The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2500 | Microsoft | critical | 9.3 | 56.8%
| | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2501 | Microsoft | critical | 9.3 | 53.1%
| | Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Off… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2502 | Microsoft | high | 8.1 | 47.5%
| | Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3,… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2503 | Microsoft | critical | 9.3 | 41.4%
| | GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office X… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2504 | Microsoft | critical | 9.3 | 46.3%
| | Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Fra… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2518 | Microsoft | critical | 9.3 | 53.2%
| | Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary cod… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2525 | Microsoft | critical | 9.3 | 33.8%
| | Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice De… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2527 | Microsoft | critical | 9.3 | 45.4%
| | Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute … | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2528 | Microsoft | critical | 9.3 | 38.7%
| | GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Ta… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2529 | Microsoft | high | 8.1 | 22.6%
| | Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validatio… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2530 | Microsoft | critical | 9.3 | 37.6%
| | Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which all… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2531 | Microsoft | critical | 9.3 | 37.6%
| | Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which all… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-3126 | Microsoft | critical | 9.3 | 48.5%
| | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3… | Oct 14, 2009 | Apr 23, 2026 |
| | CVE-2009-2874 |  Cisco | high | 7.8 | 3.1%
| | The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows… | Oct 16, 2009 | Apr 23, 2026 |
| | CVE-2009-3281 |  VMware | high | 7.2 | 0.2%
| | The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file perm… | Oct 16, 2009 | Apr 23, 2026 |
| | CVE-2009-3282 | VMware | high | 7.8 | 0.5%
| | Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows hos… | Oct 16, 2009 | Apr 23, 2026 |
| | CVE-2009-3707 | VMware | medium | 5.0 | 21.3%
| | VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware W… | Oct 16, 2009 | Apr 23, 2026 |
| | CVE-2009-3621 | VMware | medium | 5.5 | 0.1%
| | net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of … | Oct 22, 2009 | Apr 23, 2026 |
| | CVE-2009-3821 |  Apache | medium | 4.3 | 1.5%
| | Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 … | Oct 28, 2009 | Apr 23, 2026 |
| | CVE-2009-3830 | Microsoft | medium | 5.0 | 64.2%
| | The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 a… | Oct 30, 2009 | Apr 23, 2026 |
| | CVE-2009-2267 | VMware | medium | 6.9 | 2.6%
| | VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, V… | Nov 2, 2009 | Apr 23, 2026 |
| | CVE-2009-3733 | VMware | medium | 5.0 | 90.1%
| | Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0… | Nov 2, 2009 | Apr 23, 2026 |
| | CVE-2009-3720 | Apache | medium | 5.0 | 1.2%
| | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXM… | Nov 3, 2009 | Apr 23, 2026 |
| | CVE-2009-3547 | VMware | high | 7.0 | 3.2%
| | Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cau… | Nov 4, 2009 | Apr 23, 2026 |
| | CVE-2009-2685 |  HPE | critical | 10.0 | 85.4%
| | Stack-based buffer overflow in the login form in the management web server in HP Power Manager allow… | Nov 6, 2009 | Apr 23, 2026 |
| | CVE-2009-3555 | Apache | medium | 5.8 | 2.0%
| | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Infor… | Nov 9, 2009 | Apr 23, 2026 |
| | CVE-2009-3127 | Microsoft | critical | 9.3 | 60.9%
| | Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Con… | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3128 | Microsoft | critical | 9.3 | 54.9%
| | Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly pa… | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3129 | Microsoft | high | 7.8 | 91.2%
| ⚠ KEV | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open … | Nov 11, 2009 | Apr 22, 2026 |
| | CVE-2009-3135 | Microsoft | critical | 9.3 | 69.7%
| | Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for… | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3130 | Microsoft | critical | 9.3 | 61.8%
| | Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Ope… | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3131 | Microsoft | critical | 9.3 | 54.2%
| | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open … | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3132 | Microsoft | critical | 9.3 | 54.2%
| | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open … | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3133 | Microsoft | critical | 9.3 | 54.2%
| | Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter fo… | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3134 | Microsoft | critical | 9.3 | 54.9%
| | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open … | Nov 11, 2009 | Apr 23, 2026 |
| | CVE-2009-3548 | Apache | high | 7.5 | 86.9%
| | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly ear… | Nov 12, 2009 | Apr 23, 2026 |
| | CVE-2009-2678 | HPE | medium | 4.0 | 0.3%
| | Unspecified vulnerability in Open System Services (OSS) Name Server on HP NonStop G06.27, G06.28, G0… | Nov 13, 2009 | Apr 23, 2026 |
| | CVE-2009-3565 |  Trellix | medium | 4.3 | 5.9%
| | Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee Intr… | Nov 13, 2009 | Apr 23, 2026 |
| | CVE-2009-3566 | Trellix | medium | 4.3 | 5.1%
| | McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly fl… | Nov 13, 2009 | Apr 23, 2026 |
| | CVE-2009-3943 | Microsoft | medium | 5.0 | 11.6%
| | Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attac… | Nov 16, 2009 | Apr 23, 2026 |
| | CVE-2009-3841 | HPE | critical | 9.0 | 0.4%
| | Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60… | Nov 17, 2009 | Apr 23, 2026 |
| | CVE-2009-3840 | HPE | medium | 5.0 | 17.2%
| | The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) … | Nov 19, 2009 | Apr 23, 2026 |
| | CVE-2009-3977 | HPE | medium | 5.0 | 2.4%
| | Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node … | Nov 19, 2009 | Apr 23, 2026 |
| | CVE-2009-4040 | Microsoft | medium | 4.3 | 0.3%
| | Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used… | Nov 20, 2009 | Apr 23, 2026 |
| | CVE-2009-3843 | HPE | critical | 10.0 | 86.8%
| | HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tom… | Nov 24, 2009 | Apr 23, 2026 |
| | CVE-2009-3896 |  F5 | medium | 5.0 | 2.5%
| | src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x b… | Nov 24, 2009 | Apr 23, 2026 |