CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2013-5885 2014-01-15 2017-08-28
1.7
None Local Low Single system None Partial None
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit.
452 CVE-2013-5874 2014-01-15 2014-02-06
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown vectors related to Logging.
453 CVE-2013-5865 2013-10-16 2017-08-28
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration.
454 CVE-2013-5791 1 Exec Code Overflow 2013-10-16 2018-10-12
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
455 CVE-2013-5763 2013-12-12 2018-10-12
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. NOTE: the original disclosure of this issue erroneously mapped it to CVE-2013-3624.
456 CVE-2013-5187 264 +Info 2013-10-23 2013-10-24
1.9
None Local Medium Not required Partial None None
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
457 CVE-2013-5169 264 +Info 2013-10-23 2013-10-24
1.9
None Local Medium Not required Partial None None
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
458 CVE-2013-5150 200 +Info 2013-09-19 2014-10-24
1.9
None Local Medium Not required Partial None None
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
459 CVE-2013-4829 200 +Info 2013-10-04 2013-10-08
1.5
None Local Medium Single system Partial None None
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.
460 CVE-2013-4509 255 2013-11-23 2018-10-30
1.9
None Local Medium Not required Partial None None
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
461 CVE-2013-4481 362 +Info 2013-11-23 2019-04-22
1.9
None Local Medium Not required Partial None None
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."
462 CVE-2013-4476 310 +Info 2013-11-13 2015-03-02
1.2
None Local High Not required Partial None None
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
463 CVE-2013-4469 399 DoS 2013-11-02 2014-06-21
1.9
None Local Medium Not required None None Partial
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
464 CVE-2013-4425 255 2013-11-17 2017-08-28
1.9
None Local Medium Not required Partial None None
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.
465 CVE-2013-4369 DoS 2013-10-17 2017-08-28
1.9
None Local Medium Not required None None Partial
The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.
466 CVE-2013-4368 200 +Info 2013-10-17 2017-08-28
1.9
None Local Medium Not required Partial None None
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.
467 CVE-2013-4355 200 +Info 2013-10-01 2017-01-06
1.5
None Local Medium Single system Partial None None
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.
468 CVE-2013-4259 264 2013-09-16 2018-10-30
1.9
None Local Medium Not required Partial None None
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
469 CVE-2013-4242 200 +Info 2013-08-19 2018-10-30
1.9
None Local Medium Not required Partial None None
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
470 CVE-2013-4025 264 2013-09-25 2017-08-28
1.9
None Local Medium Not required Partial None None
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
471 CVE-2013-3287 310 2013-11-02 2013-11-05
1.9
None Local Medium Not required Partial None None
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.
472 CVE-2013-2997 264 2013-09-08 2017-08-28
1.7
None Local Low Single system Partial None None
IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
473 CVE-2013-2976 200 +Info 2013-08-21 2017-08-28
1.9
None Local Medium Not required Partial None None
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.
474 CVE-2013-2898 20 +Info 2013-09-16 2013-10-30
1.9
None Local Medium Not required Partial None None
drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.
475 CVE-2013-2636 399 +Info 2013-03-22 2013-04-05
1.9
None Local Medium Not required Partial None None
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
476 CVE-2013-2635 399 +Info 2013-03-22 2014-02-06
1.9
None Local Medium Not required Partial None None
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
477 CVE-2013-2634 399 +Info 2013-03-22 2014-02-06
1.9
None Local Medium Not required Partial None None
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
478 CVE-2013-2393 2013-04-17 2018-10-12
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
479 CVE-2013-2382 2013-04-17 2013-10-10
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.
480 CVE-2013-2302 200 +Info 2013-04-04 2013-04-05
1.9
None Local Medium Not required Partial None None
TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server.
481 CVE-2013-2217 59 2013-09-23 2019-04-22
1.2
None Local High Not required None Partial None
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
482 CVE-2013-2168 20 DoS 2013-07-03 2018-10-30
1.9
None Local Medium Not required None None Partial
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
483 CVE-2013-2162 362 +Info 2013-08-19 2014-01-13
1.9
None Local Medium Not required Partial None None
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
484 CVE-2013-1958 264 Bypass 2013-04-24 2013-05-01
1.9
None Local Medium Not required None Partial None
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.
485 CVE-2013-1952 20 DoS 2013-05-13 2017-08-28
1.9
None Local Medium Not required None None Partial
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.
486 CVE-2013-1921 310 2013-09-28 2014-03-08
1.9
None Local Medium Not required Partial None None
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
487 CVE-2013-1917 20 DoS 2013-05-13 2014-04-19
1.9
None Local Medium Not required None None Partial
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
488 CVE-2013-1546 2013-04-17 2013-10-10
1.5
None Local Medium Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.
489 CVE-2013-1502 2013-04-17 2016-11-02
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
490 CVE-2013-1499 2013-04-17 2013-10-10
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.
491 CVE-2013-1442 200 +Info 2013-09-30 2017-01-06
1.2
None Local High Not required Partial None None
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
492 CVE-2013-1427 310 2013-03-21 2017-08-28
1.9
None Local Medium Not required None Partial None
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
493 CVE-2013-1056 DoS +Priv 2013-10-28 2013-10-29
1.9
None Local Medium Not required None None Partial
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.
494 CVE-2013-0982 200 Bypass +Info 2013-06-05 2013-06-05
1.7
None Local Low Single system Partial None None
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
495 CVE-2013-0979 264 2013-03-20 2013-03-21
1.9
None Local Medium Not required None Partial None
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
496 CVE-2013-0541 119 DoS Overflow 2013-04-24 2017-08-28
1.9
None Local Medium Not required None None Partial
Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.
497 CVE-2013-0534 255 +Info 2013-06-21 2017-08-28
1.9
None Local Medium Not required Partial None None
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory.
498 CVE-2013-0527 200 +Info 2013-06-21 2017-08-28
1.9
None Local Medium Not required Partial None None
The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation.
499 CVE-2013-0525 79 XSS 2013-03-26 2017-08-28
1.5
None Local Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.
500 CVE-2013-0522 200 +Info 2018-07-16 2018-09-17
1.9
None Local Medium Not required Partial None None
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.
Total number of vulnerabilities : 878   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.