CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2017-1783 264 2018-01-29 2019-04-25
2.1
None Local Low Not required None Partial None
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.
1102 CVE-2017-1779 255 2018-01-29 2019-04-26
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
1103 CVE-2017-1756 200 +Info 2018-03-30 2018-04-24
2.1
None Local Low Not required Partial None None
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
1104 CVE-2017-1733 532 2018-04-04 2018-05-02
2.1
None Local Low Not required Partial None None
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.
1105 CVE-2017-1716 200 +Info 2017-12-13 2017-12-27
2.1
None Local Low Not required Partial None None
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.
1106 CVE-2017-1681 200 +Info 2018-01-11 2018-02-09
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.
1107 CVE-2017-1679 200 +Info 2018-09-10 2018-10-29
2.1
None Local Low Not required Partial None None
IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.
1108 CVE-2017-1654 200 +Info 2018-03-02 2019-04-25
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
1109 CVE-2017-1596 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.
1110 CVE-2017-1595 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.
1111 CVE-2017-1575 327 2018-07-20 2018-09-14
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.
1112 CVE-2017-1571 327 2018-03-22 2018-04-17
2.1
None Local Low Not required Partial None None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
1113 CVE-2017-1545 255 2018-01-26 2018-02-08
2.1
None Local Low Not required Partial None None
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.
1114 CVE-2017-1544 255 +Info 2018-07-20 2018-09-14
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812.
1115 CVE-2017-1478 200 +Info 2018-01-11 2018-02-01
2.1
None Local Low Not required Partial None None
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
1116 CVE-2017-1441 284 2017-08-30 2017-09-02
2.1
None Local Low Not required Partial None None
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.
1117 CVE-2017-1434 200 +Info 2017-09-12 2017-09-20
2.1
None Local Low Not required Partial None None
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
1118 CVE-2017-1422 200 +Info 2017-08-22 2017-08-29
2.1
None Local Low Not required Partial None None
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
1119 CVE-2017-1381 200 +Info 2017-07-21 2019-05-03
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
1120 CVE-2017-1378 255 2017-10-05 2017-10-13
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
1121 CVE-2017-1362 255 2017-09-25 2017-09-28
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
1122 CVE-2017-1349 200 +Info 2017-06-23 2017-06-27
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.
1123 CVE-2017-1339 200 DoS +Info 2017-10-05 2017-10-13
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
1124 CVE-2017-1309 200 +Info 2017-07-19 2017-07-25
2.1
None Local Low Not required Partial None None
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.
1125 CVE-2017-1302 200 +Info 2017-06-23 2017-06-26
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456.
1126 CVE-2017-1270 384 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.
1127 CVE-2017-1268 310 2018-12-13 2019-01-08
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.
1128 CVE-2017-1261 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
1129 CVE-2017-1231 255 2018-10-12 2018-11-28
2.1
None Local Low Not required Partial None None
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
1130 CVE-2017-1207 255 2017-07-05 2017-07-18
2.1
None Local Low Not required Partial None None
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
1131 CVE-2017-1201 255 2017-10-05 2017-10-26
2.1
None Local Low Not required Partial None None
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.
1132 CVE-2017-1176 200 +Info 2017-07-05 2017-07-18
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.
1133 CVE-2017-1125 200 +Info 2017-06-07 2017-06-12
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.
1134 CVE-2017-1088 200 +Info 2017-11-16 2017-12-02
2.1
None Local Low Not required Partial None None
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
1135 CVE-2017-1086 200 +Info 2017-11-16 2017-12-02
2.1
None Local Low Not required Partial None None
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.
1136 CVE-2017-0651 200 +Info 2017-06-14 2017-07-07
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815.
1137 CVE-2017-0650 200 +Info 2017-06-14 2017-07-07
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278.
1138 CVE-2017-0634 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682.
1139 CVE-2017-0633 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.
1140 CVE-2017-0632 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915.
1141 CVE-2017-0631 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.
1142 CVE-2017-0630 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.
1143 CVE-2017-0629 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.
1144 CVE-2017-0628 200 +Info 2017-05-12 2017-05-19
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.
1145 CVE-2017-0627 200 +Info 2017-05-12 2018-06-15
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.
1146 CVE-2017-0586 200 +Info 2017-04-07 2017-07-10
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.
1147 CVE-2017-0585 200 +Info 2017-04-07 2017-07-10
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.
1148 CVE-2017-0584 200 +Info 2017-04-07 2017-07-10
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.
1149 CVE-2017-0537 200 +Info 2017-03-07 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.
1150 CVE-2017-0536 200 +Info 2017-03-07 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.
Total number of vulnerabilities : 4720   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 (This Page)24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.