CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2015-7435 254 Bypass 2016-01-02 2016-01-07
1.9
None Local Medium Not required None Partial None
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.
302 CVE-2015-7404 200 Exec Code +Info 2015-11-13 2015-11-19
1.9
None Local Medium Not required Partial None None
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.
303 CVE-2015-7328 200 +Info 2016-01-08 2016-01-11
1.9
None Local Medium Not required Partial None None
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
304 CVE-2015-7269 254 Bypass 2017-11-27 2017-12-20
1.9
None Local Medium Not required Partial None None
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."
305 CVE-2015-7268 254 Bypass 2017-11-27 2017-12-20
1.9
None Local Medium Not required Partial None None
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."
306 CVE-2015-7267 254 Bypass 2017-11-27 2017-12-20
1.9
None Local Medium Not required Partial None None
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack."
307 CVE-2015-6563 20 2015-08-23 2018-09-11
1.9
None Local Medium Not required None Partial None
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
308 CVE-2015-5960 284 Bypass 2015-08-07 2015-08-21
1.9
None Local Medium Not required Partial None None
Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation.
309 CVE-2015-5464 284 Bypass 2015-07-22 2016-03-31
1.3
None Local Medium Multiple systems Partial None None
The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.
310 CVE-2015-5313 22 Dir. Trav. 2016-04-11 2018-01-04
1.9
None Local Medium Not required None Partial None
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
311 CVE-2015-4990 200 +Info 2016-01-02 2016-01-06
1.9
None Local Medium Not required Partial None None
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.
312 CVE-2015-4878 2015-10-21 2018-10-09
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877.
313 CVE-2015-4877 2015-10-21 2018-10-09
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.
314 CVE-2015-4823 2015-10-21 2016-12-23
1.2
None Local High Not required Partial None None
Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy.
315 CVE-2015-4822 2015-10-21 2016-12-23
1.2
None Local High Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.
316 CVE-2015-4811 2015-10-21 2016-12-07
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDKutside In PDF Export SDK, a different vulnerability than CVE-2015-4809.
317 CVE-2015-4809 2015-10-21 2016-12-07
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811.
318 CVE-2015-4808 2016-01-20 2017-09-09
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In Filters, a different vulnerability than CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432.
319 CVE-2015-4792 2015-10-21 2018-10-30
1.7
None Remote High Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
320 CVE-2015-4767 2015-07-16 2018-01-04
1.7
None Remote High Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.
321 CVE-2015-4766 2015-10-21 2016-12-23
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.
322 CVE-2015-4037 17 DoS 2015-08-26 2016-12-23
1.9
None Local Medium Not required None None Partial
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
323 CVE-2015-3785 Bypass 2015-10-09 2016-12-07
1.9
None Local Medium Not required None Partial None
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
324 CVE-2015-3142 200 +Info 2017-06-26 2018-01-04
1.9
None Local Medium Not required Partial None None
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
325 CVE-2015-2830 264 Bypass 2015-05-27 2018-01-04
1.9
None Local Medium Not required None Partial None
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
326 CVE-2015-2687 284 2017-08-09 2017-08-24
1.9
None Local Medium Not required Partial None None
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
327 CVE-2015-2662 2015-07-16 2017-09-21
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.
328 CVE-2015-2580 2015-07-16 2017-09-21
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.
329 CVE-2015-2534 17 Bypass 2015-09-08 2018-10-12
1.9
None Local Medium Not required None Partial None
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability."
330 CVE-2015-2152 264 2015-03-18 2018-10-30
1.9
None Local Medium Not required None Partial None
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
331 CVE-2015-1985 284 Bypass 2016-01-02 2016-01-07
1.9
None Local Medium Not required Partial None None
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.
332 CVE-2015-1901 200 +Info 2015-06-28 2016-11-29
1.9
None Local Medium Not required Partial None None
The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.
333 CVE-2015-1798 17 2015-04-08 2018-01-04
1.8
None Local Network High Not required None Partial None
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
334 CVE-2015-1681 119 DoS Overflow 2015-05-13 2018-10-12
1.9
None Local Medium Not required None None Partial
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability."
335 CVE-2015-1674 20 Bypass 2015-05-13 2018-10-12
1.9
None Local Medium Not required Partial None None
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
336 CVE-2015-1420 362 Bypass 2015-03-16 2016-12-27
1.9
None Local Medium Not required Partial None None
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
337 CVE-2015-1197 2015-02-19 2016-12-05
1.9
None Local Medium Not required None Partial None
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
338 CVE-2015-1146 310 Bypass 2015-04-10 2015-09-17
1.9
None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
339 CVE-2015-1145 310 Bypass 2015-04-10 2015-09-17
1.9
None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
340 CVE-2015-1114 200 +Info 2015-04-10 2017-01-02
1.9
None Local Medium Not required Partial None None
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
341 CVE-2015-1113 200 +Info 2015-04-10 2017-01-02
1.9
None Local Medium Not required Partial None None
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
342 CVE-2015-1107 2015-04-10 2017-01-02
1.9
None Local Medium Not required None Partial None
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
343 CVE-2015-1097 200 +Info 2015-04-10 2017-01-02
1.9
None Local Medium Not required Partial None None
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
344 CVE-2015-1096 200 +Info 2015-04-10 2016-12-07
1.9
None Local Medium Not required Partial None None
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
345 CVE-2015-1094 200 +Info 2015-04-10 2017-01-02
1.9
None Local Medium Not required Partial None None
IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
346 CVE-2015-1085 264 2015-04-10 2017-01-02
1.9
None Local Medium Not required Partial None None
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
347 CVE-2015-1064 200 Bypass +Info 2015-03-12 2015-09-11
1.9
None Local Medium Not required Partial None None
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
348 CVE-2015-1009 200 +Info 2015-07-31 2015-08-04
1.7
None Local Low Single system Partial None None
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
349 CVE-2015-0875 200 +Info 2015-02-14 2015-02-19
1.8
None Local Network High Not required Partial None None
The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file.
350 CVE-2015-0498 2015-04-16 2017-01-02
1.7
None Remote High Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
Total number of vulnerabilities : 845   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.