CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2010-2470 264 2010-06-28 2010-06-29
1.9
None Local Medium Not required Partial None None
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.
602 CVE-2010-2389 2010-10-13 2010-11-11
1.0
None Local High Single system None Partial None
Unspecified vulnerability in the Perl component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5; and Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0; allows local users to affect integrity via unknown vectors related to Local Logon.
603 CVE-2010-2387 255 +Priv 2012-12-21 2017-08-16
1.9
None Local Medium Not required Partial None None
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
604 CVE-2010-2371 2010-07-13 2012-10-22
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-2372.
605 CVE-2010-2226 20 2010-09-03 2018-10-10
1.9
None Local Medium Not required Partial None None
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
606 CVE-2010-2192 59 2010-06-18 2010-06-22
1.9
None Local Medium Not required None Partial None
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.
607 CVE-2010-2066 264 2010-09-08 2018-10-10
1.9
None Local Medium Not required None Partial None
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.
608 CVE-2010-2027 59 2010-05-24 2018-10-10
1.9
None Local Medium Not required None Partial None
Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.
609 CVE-2010-1775 362 Bypass 2010-06-22 2017-08-16
1.9
None Local Medium Not required Partial None None
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
610 CVE-2010-1651 310 +Info 2010-05-03 2017-08-16
1.9
None Local Medium Not required Partial None None
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.
611 CVE-2010-1650 310 +Info 2010-05-03 2017-08-16
1.9
None Local Medium Not required Partial None None
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
612 CVE-2010-1446 264 2010-05-21 2017-08-16
1.9
None Local Medium Not required None Partial None
arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke.
613 CVE-2010-1437 362 DoS Mem. Corr. 2010-05-07 2018-10-10
1.9
None Local Medium Not required None None Partial
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.
614 CVE-2010-1160 59 2010-04-16 2010-06-07
1.9
None Local Medium Not required None Partial None
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
615 CVE-2010-0826 200 +Info 2010-04-05 2017-09-18
1.9
None Local Medium Not required Partial None None
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.
616 CVE-2010-0792 59 2010-03-05 2018-10-10
1.9
None Local Medium Not required Partial None None
fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.
617 CVE-2010-0769 255 2010-04-01 2017-08-16
1.9
None Local Medium Not required Partial None None
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
618 CVE-2010-0180 264 2010-06-28 2010-06-28
1.9
None Local Medium Not required Partial None None
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.
619 CVE-2010-0106 DoS 2010-02-19 2018-10-30
1.9
None Local Medium Not required None None Partial
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources.
620 CVE-2009-5152 362 2018-05-11 2018-06-14
1.9
None Local Medium Not required None Partial None
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file.
621 CVE-2009-5117 200 +Info 2012-08-22 2017-08-28
1.9
None Local Medium Not required Partial None None
The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files.
622 CVE-2009-5084 310 +Info 2011-08-12 2012-04-25
1.9
None Local Medium Not required Partial None None
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.
623 CVE-2009-3746 16 +Info 2009-10-22 2017-09-18
1.9
None Local Medium Not required Partial None None
XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.
624 CVE-2009-3556 264 2010-01-27 2017-09-18
1.9
None Local Medium Not required None Partial None
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
625 CVE-2009-3432 2009-09-28 2017-08-16
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events.
626 CVE-2009-3412 2010-01-12 2012-10-22
1.0
None Local High Single system Partial None None
Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.
627 CVE-2009-3401 2009-10-22 2012-10-22
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors.
628 CVE-2009-2948 264 2009-10-07 2018-10-30
1.9
None Local Medium Not required Partial None None
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
629 CVE-2009-2911 264 DoS Overflow +Priv 2009-10-22 2009-10-31
1.9
None Local Medium Not required None None Partial
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
630 CVE-2009-2752 310 +Info 2010-02-05 2017-08-16
1.5
None Local Medium Single system Partial None None
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
631 CVE-2009-2490 DoS +Priv 2009-07-16 2017-08-16
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks."
632 CVE-2009-2094 +Info 2009-08-13 2017-08-16
1.5
None Local Medium Single system Partial None None
Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors.
633 CVE-2009-2012 DoS 2009-06-09 2009-06-19
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors.
634 CVE-2009-1990 2009-10-22 2012-10-22
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.
635 CVE-2009-1961 362 DoS 2009-06-07 2012-03-19
1.9
None Local Medium Not required None None Partial
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
636 CVE-2009-1707 362 2009-06-10 2010-12-10
1.2
None Local High Not required Partial None None
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
637 CVE-2009-1296 200 +Info 2009-06-09 2017-08-16
1.9
None Local Medium Not required Partial None None
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.
638 CVE-2009-1295 16 2009-04-30 2009-05-15
1.9
None Local Medium Not required None Partial None
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
639 CVE-2009-1215 362 2009-04-01 2017-08-16
1.9
None Local Medium Not required None Partial None
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
640 CVE-2009-0905 20 +Priv 2011-10-30 2017-08-16
1.7
None Local Low Single system None Partial None
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
641 CVE-2009-0437 200 +Info 2009-02-10 2017-08-07
1.9
None Local Medium Not required Partial None None
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
642 CVE-2009-0434 200 +Info 2009-02-10 2017-08-07
1.9
None Local Medium Not required Partial None None
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.
643 CVE-2009-0142 362 DoS 2009-02-12 2009-08-19
1.9
None Local Medium Not required None None Partial
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
644 CVE-2008-7256 DoS 2010-06-03 2017-08-16
1.2
None Local High Not required None None Partial
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643.
645 CVE-2008-6722 200 +Info 2009-04-14 2009-04-29
1.9
None Local Medium Not required Partial None None
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
646 CVE-2008-6561 200 +Priv +Info 2009-03-31 2017-08-16
1.9
None Local Medium Not required Partial None None
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
647 CVE-2008-5700 399 DoS 2008-12-22 2018-10-11
1.9
None Local Medium Not required None None Partial
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
648 CVE-2008-5450 2009-01-13 2012-10-22
1.2
None Local High Not required Partial None None
Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows local users to affect confidentiality via unknown vectors.
649 CVE-2008-5107 200 +Info 2008-11-17 2017-12-04
1.9
None Local Medium Not required Partial None None
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
650 CVE-2008-4593 200 +Info 2008-10-17 2017-08-07
1.2
None Local High Not required Partial None None
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.
Total number of vulnerabilities : 845   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.