CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2001 CVE-2015-0511 2015-04-16 2017-01-02
2.8
None Remote Medium Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
2002 CVE-2015-0504 2015-04-16 2017-01-02
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages.
2003 CVE-2015-0418 2015-01-21 2018-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.
2004 CVE-2015-0397 2015-01-21 2017-09-07
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.
2005 CVE-2015-0378 2015-01-21 2017-09-07
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc.
2006 CVE-2015-0257 264 +Info 2015-05-01 2016-06-28
2.1
None Local Low Not required Partial None None
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.
2007 CVE-2015-0238 200 +Info 2017-09-25 2017-10-10
2.1
None Local Low Not required Partial None None
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
2008 CVE-2015-0200 200 +Info 2015-05-29 2019-09-30
2.1
None Local Low Not required Partial None None
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.
2009 CVE-2015-0170 200 +Info 2015-05-25 2015-05-26
2.1
None Local Low Not required Partial None None
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data.
2010 CVE-2015-0146 264 Bypass +Info 2015-03-18 2015-03-18
2.1
None Local Low Not required Partial None None
IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query.
2011 CVE-2015-0136 200 +Info 2015-03-23 2015-03-24
2.1
None Local Low Not required Partial None None
powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.
2012 CVE-2015-0094 200 Bypass +Info 2015-03-11 2019-05-14
2.1
None Local Low Not required Partial None None
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."
2013 CVE-2015-0084 254 Bypass 2015-03-11 2019-05-14
2.1
None Local Low Not required None Partial None
The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability."
2014 CVE-2015-0077 200 Bypass +Info 2015-03-11 2019-05-14
2.1
None Local Low Not required Partial None None
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."
2015 CVE-2014-9913 119 DoS Overflow 2017-01-18 2017-01-20
2.1
None Local Low Not required None None Partial
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
2016 CVE-2014-9903 200 +Info 2016-06-27 2016-11-28
2.1
None Local Low Not required Partial None None
The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.
2017 CVE-2014-9770 264 +Info 2016-04-20 2018-10-30
2.1
None Local Low Not required Partial None None
tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
2018 CVE-2014-9740 79 XSS 2015-07-06 2015-07-08
2.1
None Remote High Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.
2019 CVE-2014-9731 17 +Info 2015-08-31 2017-07-12
2.1
None Local Low Not required Partial None None
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.
2020 CVE-2014-9680 200 +Info 2017-04-24 2018-01-04
2.1
None Local Low Not required Partial None None
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
2021 CVE-2014-9645 20 Bypass 2017-03-12 2019-04-03
2.1
None Local Low Not required None Partial None
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
2022 CVE-2014-9644 264 2015-03-02 2018-01-04
2.1
None Local Low Not required None Partial None
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
2023 CVE-2014-9585 264 Bypass 2015-01-09 2018-01-04
2.1
None Local Low Not required None Partial None
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
2024 CVE-2014-9584 20 +Info 2015-01-09 2018-01-04
2.1
None Local Low Not required Partial None None
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
2025 CVE-2014-9568 200 +Info 2015-02-03 2019-07-11
2.1
None Local Low Not required Partial None None
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.
2026 CVE-2014-9507 79 XSS 2015-01-04 2015-01-13
2.6
None Remote High Not required None Partial None
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.
2027 CVE-2014-9478 79 XSS 2015-01-16 2015-01-20
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
2028 CVE-2014-9433 79 XSS 2014-12-31 2018-10-09
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter.
2029 CVE-2014-9419 200 Bypass +Info 2014-12-25 2018-01-04
2.1
None Local Low Not required Partial None None
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.
2030 CVE-2014-9418 119 DoS Overflow 2014-12-24 2019-05-20
2.1
None Local Low Not required None None Partial
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
2031 CVE-2014-9417 20 DoS 2014-12-24 2019-05-20
2.1
None Local Low Not required None None Partial
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.
2032 CVE-2014-9269 79 XSS 2015-01-09 2017-01-02
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.
2033 CVE-2014-9252 200 +Info 2014-12-15 2016-03-21
2.1
None Local Low Not required Partial None None
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.
2034 CVE-2014-9191 399 DoS 2015-01-09 2016-12-07
2.1
None Local Low Not required None None Partial
The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop.
2035 CVE-2014-8991 264 DoS 2014-11-24 2016-11-22
2.1
None Local Low Not required None None Partial
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
2036 CVE-2014-8889 200 +Info 2017-09-25 2018-10-09
2.6
None Remote High Not required Partial None None
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.
2037 CVE-2014-8834 200 +Info 2015-01-30 2017-09-07
2.1
None Local Low Not required Partial None None
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
2038 CVE-2014-8833 284 2015-01-30 2017-09-07
2.1
None Local Low Not required Partial None None
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
2039 CVE-2014-8827 284 +Info 2015-01-30 2017-09-07
2.1
None Local Low Not required Partial None None
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
2040 CVE-2014-8733 200 +Info 2015-02-10 2015-02-11
2.1
None Local Low Not required Partial None None
Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.
2041 CVE-2014-8716 125 DoS 2017-04-11 2017-04-17
2.1
None Local Low Not required None None Partial
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
2042 CVE-2014-8607 200 +Info 2015-06-10 2015-06-11
2.1
None Local Low Not required Partial None None
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
2043 CVE-2014-8537 200 +Info 2014-10-29 2017-09-07
2.1
None Local Low Not required Partial None None
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.
2044 CVE-2014-8536 200 +Info 2014-10-29 2017-09-07
2.1
None Local Low Not required Partial None None
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.
2045 CVE-2014-8534 DoS 2014-10-29 2014-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.
2046 CVE-2014-8529 310 +Info 2014-10-29 2014-10-30
2.1
None Local Low Not required Partial None None
McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors.
2047 CVE-2014-8528 200 +Info 2014-10-29 2014-10-30
2.1
None Local Low Not required Partial None None
McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log.
2048 CVE-2014-8526 200 +Info 2014-10-29 2014-10-30
2.1
None Local Low Not required Partial None None
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.
2049 CVE-2014-8519 2014-10-29 2014-10-30
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors.
2050 CVE-2014-8518 255 2014-10-29 2014-11-18
2.1
None Local Low Not required Partial None None
The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack.
Total number of vulnerabilities : 4868   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 (This Page)42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.