CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2014-6146 200 +Info 2014-11-08 2017-09-08
1.9
None Local Medium Not required Partial None None
IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.
602 CVE-2014-6134 200 +Info 2015-03-25 2015-03-25
1.2
None Local High Not required Partial None None
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
603 CVE-2014-5423 255 +Info 2014-10-19 2014-10-22
1.9
None Local Medium Not required Partial None None
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.
604 CVE-2014-5233 200 +Info 2015-01-14 2015-11-13
1.9
None Local Medium Not required Partial None None
The Siemens SIMATIC WinCC [email protected] app before 1.0.2 for iOS allows physically proximate attackers to discover [email protected] credentials by leveraging an error in the credential-processing mechanism.
605 CVE-2014-5232 264 Bypass 2015-01-14 2015-11-13
1.9
None Local Medium Not required None Partial None
The Siemens SIMATIC WinCC [email protected] app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
606 CVE-2014-5177 20 2014-08-03 2019-04-22
1.2
None Local High Not required Partial None None
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
607 CVE-2014-5036 200 +Info 2014-09-05 2014-09-08
1.9
None Local Medium Not required Partial None None
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.
608 CVE-2014-5030 59 2014-07-29 2017-01-07
1.9
None Local Medium Not required Partial None None
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
609 CVE-2014-5029 59 2014-07-29 2017-01-07
1.5
None Local Medium ??? Partial None None
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
610 CVE-2014-4995 200 +Info 2018-01-10 2018-01-30
1.9
None Local Medium Not required Partial None None
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
611 CVE-2014-4822 255 2014-10-19 2017-08-29
1.9
None Local Medium Not required Partial None None
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
612 CVE-2014-4812 200 +Info 2014-10-26 2017-08-29
1.8
None Local Network High Not required Partial None None
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.
613 CVE-2014-4652 362 +Info 2014-07-03 2020-08-14
1.9
None Local Medium Not required Partial None None
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
614 CVE-2014-4450 255 2014-10-22 2017-08-29
1.9
None Local Medium Not required Partial None None
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
615 CVE-2014-4448 310 +Info 2014-10-22 2017-08-29
1.9
None Local Medium Not required Partial None None
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
616 CVE-2014-4447 310 2014-10-18 2017-08-29
1.9
None Local Medium Not required Partial None None
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs.
617 CVE-2014-4421 +Info 2014-09-18 2019-03-08
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
618 CVE-2014-4420 +Info 2014-09-18 2019-03-08
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
619 CVE-2014-4419 +Info 2014-09-18 2019-03-08
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
620 CVE-2014-4386 362 +Priv 2014-09-18 2017-08-29
1.9
None Local Medium Not required None Partial None
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
621 CVE-2014-4384 22 Dir. Trav. 2014-09-18 2017-08-29
1.9
None Local Medium Not required None Partial None
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
622 CVE-2014-4371 665 +Info 2014-09-18 2019-11-07
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
623 CVE-2014-4248 2014-07-17 2018-10-09
1.0
None Local High ??? Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via unknown vectors related to Logging.
624 CVE-2014-3956 200 +Info 2014-06-04 2017-12-29
1.9
None Local Medium Not required Partial None None
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
625 CVE-2014-3716 20 DoS 2014-05-19 2018-10-30
1.9
None Local Medium Not required None None Partial
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
626 CVE-2014-3647 DoS 2014-11-10 2020-08-13
1.9
None Local Medium Not required None None Partial
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
627 CVE-2014-3636 399 DoS 2014-10-25 2018-10-30
1.9
None Local Medium Not required None None Partial
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
628 CVE-2014-3591 200 +Info 2019-11-29 2019-12-05
1.9
None Local Medium Not required Partial None None
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
629 CVE-2014-3537 59 2014-07-23 2017-01-07
1.2
None Local High Not required Partial None None
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
630 CVE-2014-2926 DoS 2014-07-14 2014-07-15
1.7
None Local Low ??? None None Partial
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
631 CVE-2014-2893 59 +Info 2014-04-23 2018-10-30
1.9
None Local Medium Not required Partial None None
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
632 CVE-2014-2603 +Info 2014-05-10 2019-10-09
1.7
None Remote High ??? Partial None None
Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors.
633 CVE-2014-2488 2014-07-17 2018-10-09
1.0
None Local High ??? Partial None None
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.
634 CVE-2014-2485 2014-07-17 2018-10-09
1.4
None Local Low ??? Partial None None
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services.
635 CVE-2014-1515 200 +Info 2014-03-25 2014-04-01
1.9
None Local Medium Not required Partial None None
Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.
636 CVE-2014-1496 269 +Priv 2014-03-19 2020-08-05
1.9
None Local Medium Not required None Partial None
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
637 CVE-2014-1446 399 +Info 2014-01-18 2017-08-29
1.9
None Local Medium Not required Partial None None
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.
638 CVE-2014-1444 399 +Info 2014-01-18 2017-08-29
1.7
None Local Low ??? Partial None None
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
639 CVE-2014-1422 732 2020-07-22 2020-08-09
1.9
None Local Medium Not required Partial None None
In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
640 CVE-2014-1352 264 2014-07-01 2017-01-07
1.9
None Local Medium Not required None Partial None
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
641 CVE-2014-1281 264 2014-03-14 2014-03-14
1.9
None Local Medium Not required Partial None None
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.
642 CVE-2014-0974 264 2014-08-25 2016-07-13
1.9
None Local Medium Not required None Partial None
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.
643 CVE-2014-0890 255 +Info 2014-03-06 2017-08-29
1.9
None Local Medium Not required Partial None None
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.
644 CVE-2014-0872 255 +Info 2018-04-25 2018-06-13
1.5
None Local Medium ??? Partial None None
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.
645 CVE-2014-0179 20 DoS 2014-08-03 2019-04-22
1.9
None Local Medium Not required None None Partial
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
646 CVE-2014-0146 476 DoS 2017-08-10 2017-11-04
1.9
None Local Medium Not required None None Partial
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
647 CVE-2014-0135 264 +Info 2014-05-08 2014-05-09
1.9
None Local Medium Not required Partial None None
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
648 CVE-2014-0076 310 2014-03-25 2017-12-16
1.9
None Local Medium Not required Partial None None
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
649 CVE-2014-0058 310 2014-02-26 2017-01-07
1.9
None Local Medium Not required Partial None None
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
650 CVE-2014-0019 119 DoS Overflow 2014-02-04 2018-10-30
1.9
None Local Medium Not required None None Partial
Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.
Total number of vulnerabilities : 1092   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.