CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2017-1756 200 +Info 2018-03-30 2018-04-24
2.1
None Local Low Not required Partial None None
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
952 CVE-2017-1733 532 2018-04-04 2018-05-02
2.1
None Local Low Not required Partial None None
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.
953 CVE-2017-1716 200 +Info 2017-12-13 2017-12-27
2.1
None Local Low Not required Partial None None
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.
954 CVE-2017-1681 200 +Info 2018-01-11 2018-02-09
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.
955 CVE-2017-1679 200 +Info 2018-09-10 2018-10-29
2.1
None Local Low Not required Partial None None
IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.
956 CVE-2017-1654 200 +Info 2018-03-02 2019-04-25
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
957 CVE-2017-1596 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.
958 CVE-2017-1595 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.
959 CVE-2017-1575 327 2018-07-20 2018-09-14
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.
960 CVE-2017-1571 327 2018-03-22 2018-04-17
2.1
None Local Low Not required Partial None None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
961 CVE-2017-1545 255 2018-01-26 2018-02-08
2.1
None Local Low Not required Partial None None
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.
962 CVE-2017-1544 255 +Info 2018-07-20 2018-09-14
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812.
963 CVE-2017-1478 200 +Info 2018-01-11 2018-02-01
2.1
None Local Low Not required Partial None None
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
964 CVE-2017-1441 284 2017-08-30 2017-09-02
2.1
None Local Low Not required Partial None None
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.
965 CVE-2017-1434 200 +Info 2017-09-12 2017-09-20
2.1
None Local Low Not required Partial None None
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
966 CVE-2017-1422 200 +Info 2017-08-22 2017-08-29
2.1
None Local Low Not required Partial None None
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
967 CVE-2017-1381 200 +Info 2017-07-21 2019-05-03
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
968 CVE-2017-1378 255 2017-10-05 2017-10-13
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
969 CVE-2017-1362 255 2017-09-25 2017-09-28
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
970 CVE-2017-1349 200 +Info 2017-06-23 2017-06-27
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.
971 CVE-2017-1339 200 DoS +Info 2017-10-05 2017-10-13
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
972 CVE-2017-1309 200 +Info 2017-07-19 2017-07-25
2.1
None Local Low Not required Partial None None
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.
973 CVE-2017-1302 200 +Info 2017-06-23 2017-06-26
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456.
974 CVE-2017-1270 384 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.
975 CVE-2017-1268 310 2018-12-13 2019-01-08
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.
976 CVE-2017-1261 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
977 CVE-2017-1231 255 2018-10-12 2018-11-28
2.1
None Local Low Not required Partial None None
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
978 CVE-2017-1207 255 2017-07-05 2017-07-18
2.1
None Local Low Not required Partial None None
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
979 CVE-2017-1201 255 2017-10-05 2017-10-26
2.1
None Local Low Not required Partial None None
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.
980 CVE-2017-1176 200 +Info 2017-07-05 2017-07-18
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.
981 CVE-2017-1125 200 +Info 2017-06-07 2017-06-12
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.
982 CVE-2017-1088 200 +Info 2017-11-16 2017-12-02
2.1
None Local Low Not required Partial None None
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
983 CVE-2017-1086 200 +Info 2017-11-16 2017-12-02
2.1
None Local Low Not required Partial None None
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.
984 CVE-2017-0651 200 +Info 2017-06-14 2017-07-07
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815.
985 CVE-2017-0650 200 +Info 2017-06-14 2017-07-07
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278.
986 CVE-2017-0634 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682.
987 CVE-2017-0633 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.
988 CVE-2017-0632 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915.
989 CVE-2017-0631 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.
990 CVE-2017-0630 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.
991 CVE-2017-0629 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.
992 CVE-2017-0628 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.
993 CVE-2017-0627 200 +Info 2017-05-12 2018-06-15
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.
994 CVE-2017-0586 200 +Info 2017-04-07 2017-07-10
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.
995 CVE-2017-0585 200 +Info 2017-04-07 2017-07-10
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.
996 CVE-2017-0584 200 +Info 2017-04-07 2017-07-10
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.
997 CVE-2017-0537 200 +Info 2017-03-07 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.
998 CVE-2017-0536 200 +Info 2017-03-07 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.
999 CVE-2017-0535 200 +Info 2017-03-07 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247.
1000 CVE-2017-0534 200 +Info 2017-03-07 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32508732. References: QC-CR#1088206.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 (This Page)21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.