CVE-2009-4151: Session fixation vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifie…
CVE-2009-4153 describes an unspecified vulnerability in the XMLAccess component of IBM WebSphere Portal 6.1.x before 6.1.0.3, with unknown impact and attack vectors related to the work directory.
Cross-site scripting (XSS) vulnerability in the Collaboration component of IBM WebSphere Portal 6.1.x before 6.1.0.3, allowing remote attackers to inject arbitrary web script or HTML via the people pi…
Unspecified vulnerability in HP NonStop systems (G06.12.00–G06.32.00, H06.08.00–H06.18.01, and J06.04.00–J06.07.01) could allow local users to gain privileges, cause a denial of service, or obtain acc…
Race condition in the Linux kernel's mac80211 subsystem (pre-2.6.32-rc8-next-20091201) that allows remote attackers to cause a denial of service (system crash) by sending a crafted Delete Block ACK (D…
CVE-2009-3585 describes a session fixation vulnerability in Best Practical Solutions RT (Request Tracker) where an attacker can hijack a user’s web session by pre-setting the session identifier via ma…
Microsoft Internet Explorer 6 and 7 contain an HTML object memory corruption vulnerability that can allow remote code execution through manipulated STYLE elements in memory, exploited via a call to ge…
Remote denial-of-service vulnerability in Asterisk's RTP handling (rtp.c) that allows an attacker to crash the daemon by sending a crafted RTP comfort-noise payload with an excessively long data lengt…
Unprivileged local users can execute dasauto in IBM DB2 versions 8 (before FP18), 9.1 (before FP8), 9.5 (before FP4), and 9.7 (before FP1), with unspecified impact.
A vulnerability in PHP's zend_restore_ini_entry_cb (zend_ini.c) affects PHP 5.3.0, 5.2.10, and earlier versions, allowing context-specific attackers to disclose memory contents and potentially crash P…
GNU GRUB 2 version 1.97 contains a password verification flaw where the bootloader only compares the submitted portion of a password with the real one, allowing physically proximate attackers to bypas…
Multiple CSRF vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the administrator's session and perform unauthorized state-changing actions, such as deleting orders, and possibly dele…
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack an administrator's session and perform privileged actions, including…
A cross-site scripting (XSS) vulnerability in the Drupal Feed Element Mapper module allows remote attackers to inject arbitrary scripts or HTML via unspecified vectors in certain older releases.
Denial of service in Cisco VPN Client for Windows where StartServiceCtrlDispatcher mishandles an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, allowing local users to crash cvpnd and disrupt VPN conn…
Multiple stack-based buffer overflows in MuPDF's pdf_shade4.c allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted /Decode arrays for shading types 4–7, …