CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2012-2424 DoS 2012-04-25 2017-12-18
1.8
None Local Network High Not required None None Partial
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter.
502 CVE-2012-2423 200 +Info 2012-04-25 2017-12-18
1.8
None Local Network High Not required Partial None None
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote attackers to obtain potentially sensitive information about the installation path and product version via a series of requests involving the Msxml2.XMLHTTP object.
503 CVE-2012-2421 22 Dir. Trav. 2012-04-25 2017-12-18
1.8
None Local Network High Not required Partial None None
Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.
504 CVE-2012-2420 200 Overflow +Info 2012-04-25 2017-08-28
1.8
None Local Network High Not required Partial None None
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI with a % (percent) character as its (1) last or (2) second-to-last character, in situations where a certain "post-URL data" buffer contains a 0x0000 character but a buffer overflow does not occur.
505 CVE-2012-2419 399 DoS 2012-04-25 2017-12-18
1.8
None Local Network High Not required None None Partial
Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory consumption) via a URI with multiple references to the same name-value pair.
506 CVE-2012-2313 264 2012-06-13 2016-09-06
1.2
None Local High Not required None None Partial
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
507 CVE-2012-2103 59 2012-08-26 2017-08-28
1.2
None Local High Not required None Partial None
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
508 CVE-2012-1568 Bypass 2013-03-01 2013-03-01
1.9
None Local Medium Not required None Partial None
The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.
509 CVE-2012-1106 264 +Info 2012-07-03 2017-08-28
1.9
None Local Medium Not required Partial None None
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
510 CVE-2012-0742 200 +Info 2012-04-09 2017-08-28
1.9
None Local Medium Not required Partial None None
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.
511 CVE-2012-0700 255 Bypass 2013-01-31 2017-08-28
1.9
None Local Medium Not required None Partial None
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.
512 CVE-2012-0645 264 Bypass 2012-03-08 2018-11-29
1.2
None Local High Not required None Partial None
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.
513 CVE-2012-0494 2012-01-18 2018-01-04
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
514 CVE-2012-0218 DoS 2012-12-03 2013-10-10
1.9
None Local Medium Not required None None Partial
Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.
515 CVE-2012-0174 264 Bypass +Info 2012-05-08 2018-10-12
1.7
None Local Low Single system Partial None None
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
516 CVE-2012-0098 2012-01-18 2018-01-05
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.
517 CVE-2012-0075 2012-01-18 2018-07-20
1.7
None Remote High Multiple systems None Partial None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
518 CVE-2011-5204 255 1 +Info 2012-10-04 2012-10-05
1.9
None Local Medium Not required Partial None None
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
519 CVE-2011-5119 362 Bypass 2012-08-25 2012-08-27
1.9
None Local Medium Not required None Partial None
Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.
520 CVE-2011-5118 362 Bypass 2012-08-25 2012-08-27
1.9
None Local Medium Not required None Partial None
Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors.
521 CVE-2011-4944 264 2012-08-27 2013-10-30
1.9
None Local Medium Not required Partial None None
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
522 CVE-2011-4617 59 2011-12-30 2012-01-31
1.2
None Local High Not required None Partial None
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
523 CVE-2011-4415 20 DoS 2011-11-08 2012-07-03
1.2
None Local High Not required None None Partial
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
524 CVE-2011-4105 59 2012-02-17 2014-03-07
1.9
None Local Medium Not required None Partial None
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.
525 CVE-2011-4098 119 DoS Overflow 2013-06-08 2013-06-10
1.9
None Local Medium Not required None None Partial
The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.
526 CVE-2011-4029 362 DoS 2012-07-03 2012-07-17
1.9
None Local Medium Not required Partial None None
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
527 CVE-2011-4028 59 2012-07-03 2012-07-17
1.2
None Local High Not required Partial None None
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
528 CVE-2011-3693 310 2011-09-27 2012-05-21
1.9
None Local Medium Not required Partial None None
NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file.
529 CVE-2011-3692 310 +Info 2011-09-27 2012-05-21
1.9
None Local Medium Not required Partial None None
NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step.
530 CVE-2011-3685 310 +Info 2011-09-27 2012-05-21
1.9
None Local Medium Not required Partial None None
Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory.
531 CVE-2011-3561 2011-10-19 2018-10-30
1.8
None Local Network High Not required Partial None None
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
532 CVE-2011-3541 2011-10-18 2017-08-28
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows local users to affect availability via unknown vectors related to Outside In Filters.
533 CVE-2011-3539 2011-10-18 2017-08-28
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.
534 CVE-2011-3440 264 2011-11-11 2011-11-15
1.2
None Local High Not required Partial None None
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
535 CVE-2011-3163 200 +Info 2011-10-23 2012-02-13
1.2
None Local High Not required Partial None None
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.
536 CVE-2011-3154 59 2014-04-17 2014-04-17
1.9
None Local Medium Not required Partial None None
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
537 CVE-2011-3153 59 2014-03-06 2014-03-07
1.9
None Local Medium Not required Partial None None
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
538 CVE-2011-2724 20 DoS 2011-09-06 2018-10-30
1.2
None Local High Not required None None Partial
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
539 CVE-2011-2722 59 2012-05-25 2013-10-10
1.2
None Local High Not required None Partial None
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
540 CVE-2011-2693 DoS 2013-06-08 2013-06-10
1.9
None Local Medium Not required None None Partial
The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors.
541 CVE-2011-2492 200 +Info 2011-07-28 2016-08-22
1.9
None Local Medium Not required Partial None None
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
542 CVE-2011-2318 2011-10-18 2012-01-19
1.5
None Local Medium Single system Partial None None
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security.
543 CVE-2011-2312 2011-10-18 2011-12-23
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS.
544 CVE-2011-2311 2011-10-18 2016-11-22
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313.
545 CVE-2011-2291 2011-07-20 2011-10-04
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.
546 CVE-2011-2267 2011-07-20 2014-01-13
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
547 CVE-2011-2242 2011-07-20 2011-10-04
1.3
None Local Medium Multiple systems Partial None None
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP.
548 CVE-2011-2240 2011-07-20 2011-10-04
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors.
549 CVE-2011-2204 200 +Info 2011-06-29 2018-01-05
1.9
None Local Medium Not required Partial None None
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
550 CVE-2011-1820 200 +Info 2011-04-21 2017-08-16
1.7
None Local Low Single system Partial None None
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
Total number of vulnerabilities : 845   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.