CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2013-2168 20 DoS 2013-07-03 2018-10-30
1.9
None Local Medium Not required None None Partial
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
452 CVE-2013-2162 362 +Info 2013-08-19 2014-01-13
1.9
None Local Medium Not required Partial None None
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
453 CVE-2013-1958 264 Bypass 2013-04-24 2013-05-01
1.9
None Local Medium Not required None Partial None
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.
454 CVE-2013-1952 20 DoS 2013-05-13 2017-08-28
1.9
None Local Medium Not required None None Partial
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.
455 CVE-2013-1921 310 2013-09-28 2014-03-08
1.9
None Local Medium Not required Partial None None
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
456 CVE-2013-1917 20 DoS 2013-05-13 2014-04-19
1.9
None Local Medium Not required None None Partial
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
457 CVE-2013-1546 2013-04-17 2013-10-10
1.5
None Local Medium Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.
458 CVE-2013-1502 2013-04-17 2016-11-02
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
459 CVE-2013-1499 2013-04-17 2013-10-10
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.
460 CVE-2013-1442 200 +Info 2013-09-30 2017-01-06
1.2
None Local High Not required Partial None None
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
461 CVE-2013-1427 310 2013-03-21 2017-08-28
1.9
None Local Medium Not required None Partial None
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
462 CVE-2013-1056 DoS +Priv 2013-10-28 2013-10-29
1.9
None Local Medium Not required None None Partial
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.
463 CVE-2013-0982 200 Bypass +Info 2013-06-05 2013-06-05
1.7
None Local Low Single system Partial None None
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
464 CVE-2013-0979 264 2013-03-20 2013-03-21
1.9
None Local Medium Not required None Partial None
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
465 CVE-2013-0541 119 DoS Overflow 2013-04-24 2017-08-28
1.9
None Local Medium Not required None None Partial
Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.
466 CVE-2013-0534 255 +Info 2013-06-21 2017-08-28
1.9
None Local Medium Not required Partial None None
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory.
467 CVE-2013-0527 200 +Info 2013-06-21 2017-08-28
1.9
None Local Medium Not required Partial None None
The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation.
468 CVE-2013-0525 79 XSS 2013-03-26 2017-08-28
1.5
None Local Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.
469 CVE-2013-0522 200 +Info 2018-07-16 2018-09-17
1.9
None Local Medium Not required Partial None None
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.
470 CVE-2013-0403 2013-04-17 2017-09-18
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.
471 CVE-2013-0349 200 +Info 2013-02-28 2013-06-04
1.9
None Local Medium Not required Partial None None
The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.
472 CVE-2013-0223 119 DoS Overflow 2013-11-23 2018-10-30
1.9
None Local Medium Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.
473 CVE-2013-0200 59 2013-03-06 2014-02-06
1.9
None Local Medium Not required None Partial None
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
474 CVE-2013-0179 119 DoS Overflow 2014-01-13 2018-03-24
1.8
None Local Network High Not required None None Partial
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.
475 CVE-2013-0154 DoS 2013-01-11 2017-08-28
1.9
None Local Medium Not required None None Partial
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
476 CVE-2013-0122 20 DoS 2013-04-21 2015-01-08
1.9
None Local Medium Not required None None Partial
The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.
477 CVE-2012-6549 200 +Info 2013-03-15 2013-08-22
1.9
None Local Medium Not required Partial None None
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
478 CVE-2012-6548 200 +Info 2013-03-15 2014-02-06
1.9
None Local Medium Not required Partial None None
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
479 CVE-2012-6547 200 +Info 2013-03-15 2013-08-22
1.9
None Local Medium Not required Partial None None
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
480 CVE-2012-6546 200 +Info 2013-03-15 2013-06-04
1.9
None Local Medium Not required Partial None None
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
481 CVE-2012-6545 200 +Info 2013-03-15 2014-01-03
1.9
None Local Medium Not required Partial None None
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
482 CVE-2012-6544 200 +Info 2013-03-15 2014-02-06
1.9
None Local Medium Not required Partial None None
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
483 CVE-2012-6543 200 +Info 2013-03-15 2013-03-18
1.9
None Local Medium Not required Partial None None
The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
484 CVE-2012-6542 200 +Info 2013-03-15 2014-01-03
1.9
None Local Medium Not required Partial None None
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.
485 CVE-2012-6541 200 +Info 2013-03-15 2013-03-18
1.9
None Local Medium Not required Partial None None
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
486 CVE-2012-6540 200 +Info 2013-03-15 2013-05-14
1.9
None Local Medium Not required Partial None None
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
487 CVE-2012-6539 200 +Info 2013-03-15 2013-05-14
1.9
None Local Medium Not required Partial None None
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
488 CVE-2012-6538 200 +Info 2013-03-15 2013-06-04
1.9
None Local Medium Not required Partial None None
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
489 CVE-2012-6537 200 +Info 2013-03-15 2013-06-04
1.9
None Local Medium Not required Partial None None
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
490 CVE-2012-6140 200 Bypass +Info 2013-04-24 2013-05-07
1.9
None Local Medium Not required Partial None None
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
491 CVE-2012-6095 362 2013-01-24 2013-01-25
1.2
None Local High Not required None Partial None
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
492 CVE-2012-5616 255 +Info 2013-01-22 2013-04-01
1.5
None Local Medium Single system Partial None None
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
493 CVE-2012-4838 +Info 2012-12-08 2017-08-28
1.9
None Local Medium Not required Partial None None
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity.
494 CVE-2012-4832 200 +Info 2013-01-31 2017-08-28
1.9
None Local Medium Not required Partial None None
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
495 CVE-2012-4693 310 2012-12-18 2012-12-19
1.9
None Local Medium Not required Partial None None
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
496 CVE-2012-4676 59 2012-08-26 2012-08-27
1.2
None Local High Not required None Partial None
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
497 CVE-2012-4535 399 DoS 2012-11-21 2017-08-28
1.9
None Local Medium Not required None None Partial
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."
498 CVE-2012-4508 362 +Info 2012-12-21 2014-01-07
1.9
None Local Medium Not required Partial None None
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
499 CVE-2012-4461 DoS 2013-01-22 2013-06-20
1.9
None Local Medium Not required None None Partial
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.
500 CVE-2012-3741 287 Bypass 2012-09-20 2017-08-28
1.9
None Local Medium Not required None Partial None
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.
Total number of vulnerabilities : 860   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.