CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2019-0837 200 +Info 2019-04-09 2019-04-10
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.
252 CVE-2019-0814 200 +Info 2019-04-09 2019-04-11
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848.
253 CVE-2019-0796 264 2019-04-09 2019-05-08
2.1
None Local Low Not required None Partial None
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
254 CVE-2019-0782 200 +Info 2019-04-08 2019-04-09
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775.
255 CVE-2019-0776 200 +Info 2019-04-08 2019-04-09
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
256 CVE-2019-0767 200 +Info 2019-04-08 2019-04-10
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782.
257 CVE-2019-0759 200 +Info 2019-04-08 2019-04-11
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'.
258 CVE-2019-0755 200 +Info 2019-04-08 2019-06-24
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.
259 CVE-2019-0702 200 +Info 2019-04-08 2019-05-08
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.
260 CVE-2019-0612 254 Exec Code Bypass 2019-04-08 2019-04-09
2.6
None Remote High Not required None Partial None
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
261 CVE-2019-0569 200 +Info 2019-01-08 2019-05-08
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554.
262 CVE-2019-0554 200 +Info 2019-01-08 2019-05-08
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569.
263 CVE-2019-0553 200 +Info 2019-01-08 2019-01-14
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
264 CVE-2019-0549 200 +Info 2019-01-08 2019-05-08
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569.
265 CVE-2019-0536 200 +Info 2019-01-08 2019-05-08
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569.
266 CVE-2019-0353 200 +Info 2019-09-10 2019-09-10
2.1
None Local Low Not required Partial None None
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.
267 CVE-2019-0307 255 +Priv 2019-06-12 2019-06-12
2.7
None Local Network Low Single system Partial None None
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.
268 CVE-2019-0291 200 +Info 2019-05-14 2019-05-15
2.1
None Local Low Not required Partial None None
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
269 CVE-2019-0183 200 +Info 2019-06-13 2019-06-24
2.1
None Local Low Not required Partial None None
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
270 CVE-2019-0182 22 Dir. Trav. 2019-06-13 2019-06-24
2.1
None Local Low Not required Partial None None
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
271 CVE-2019-0174 200 +Info 2019-06-13 2019-06-19
2.1
None Local Low Not required Partial None None
Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.
272 CVE-2019-0162 200 +Info 2019-04-17 2019-05-07
2.1
None Local Low Not required Partial None None
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
273 CVE-2019-0161 119 DoS Overflow 2019-03-27 2019-05-21
2.1
None Local Low Not required None None Partial
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
274 CVE-2019-0157 20 DoS 2019-06-13 2019-06-24
2.1
None Local Low Not required None None Partial
Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.
275 CVE-2019-0127 200 +Info 2019-02-18 2019-04-01
2.1
None Local Low Not required Partial None None
Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access.
276 CVE-2019-0120 284 DoS 2019-05-17 2019-06-06
2.1
None Local Low Not required None None Partial
Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access.
277 CVE-2019-0116 125 DoS 2019-05-17 2019-05-21
2.1
None Local Low Not required None None Partial
An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow a privileged user to potentially enable denial of service via local access.
278 CVE-2019-0115 20 DoS 2019-05-17 2019-05-21
2.1
None Local Low Not required None None Partial
Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access.
279 CVE-2019-0113 119 DoS Overflow 2019-05-17 2019-05-21
2.1
None Local Low Not required None None Partial
Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access.
280 CVE-2019-0093 200 +Info 2019-05-17 2019-06-19
2.1
None Local Low Not required Partial None None
Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.
281 CVE-2019-0032 255 2019-04-10 2019-04-12
2.1
None Local Low Not required Partial None None
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
282 CVE-2018-1999041 200 +Info 2018-08-01 2018-10-03
2.1
None Local Low Not required Partial None None
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.
283 CVE-2018-1000860 79 Exec Code XSS 2018-12-20 2019-01-08
2.6
None Remote High Not required None Partial None
phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..
284 CVE-2018-1000410 200 +Info 2019-01-09 2019-05-08
2.1
None Local Low Not required Partial None None
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.
285 CVE-2018-1000404 255 2018-07-09 2018-09-10
2.1
None Local Low Not required Partial None None
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later.
286 CVE-2018-1000403 255 2018-07-09 2018-09-10
2.1
None Local Low Not required Partial None None
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later.
287 CVE-2018-1000401 255 2018-07-09 2018-09-10
2.1
None Local Low Not required Partial None None
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later.
288 CVE-2018-1000150 200 +Info 2018-04-05 2018-05-15
2.1
None Local Low Not required Partial None None
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.
289 CVE-2018-1000143 200 +Info 2018-04-05 2018-05-15
2.1
None Local Low Not required Partial None None
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
290 CVE-2018-1000142 200 +Info 2018-04-05 2018-05-15
2.1
None Local Low Not required Partial None None
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
291 CVE-2018-1000104 255 2018-03-13 2018-04-11
2.1
None Local Low Not required Partial None None
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.
292 CVE-2018-1000022 285 2018-02-09 2018-03-09
2.6
None Remote High Not required Partial None None
Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.
293 CVE-2018-1000018 532 2018-01-24 2018-08-07
2.1
None Local Low Not required Partial None None
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
294 CVE-2018-20956 532 2019-08-08 2019-08-16
2.1
None Local Low Not required Partial None None
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.
295 CVE-2018-20947 668 2019-08-01 2019-08-08
2.1
None Local Low Not required None Partial None
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
296 CVE-2018-20946 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
297 CVE-2018-20944 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
298 CVE-2018-20940 362 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
299 CVE-2018-20939 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
300 CVE-2018-20936 320 2019-08-01 2019-08-12
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
Total number of vulnerabilities : 4765   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.