CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2015-1064 200 Bypass +Info 2015-03-12 2015-09-11
1.9
None Local Medium Not required Partial None None
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
402 CVE-2015-1009 200 +Info 2015-07-31 2015-08-04
1.7
None Local Low Single system Partial None None
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
403 CVE-2015-0875 200 +Info 2015-02-14 2015-02-19
1.8
None Local Network High Not required Partial None None
The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file.
404 CVE-2015-0498 2015-04-16 2017-01-02
1.7
None Remote High Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
405 CVE-2015-0493 2015-04-16 2018-10-09
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0474.
406 CVE-2015-0489 2015-04-16 2017-01-02
1.2
None Local High Not required Partial None None
Unspecified vulnerability in the Application Management Pack for Oracle E-Business Suite component in Oracle E-Business Suite AMP 121030 and 121020 allows local users to affect confidentiality via vectors related to EBS Plugin.
407 CVE-2015-0474 2015-04-16 2017-01-02
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493.
408 CVE-2015-0430 2015-01-21 2017-09-07
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.
409 CVE-2015-0413 2015-01-21 2017-09-07
1.9
None Local Medium Not required None Partial None
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
410 CVE-2015-0296 264 2017-10-06 2017-11-01
1.2
None Local High Not required None Partial None
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
411 CVE-2015-0245 362 DoS 2015-02-13 2018-10-30
1.9
None Local Medium Not required None None Partial
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
412 CVE-2015-0010 310 Bypass 2015-02-10 2019-05-15
1.9
None Local Medium Not required Partial None None
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.
413 CVE-2015-0001 264 Bypass 2015-01-13 2018-10-12
1.9
None Local Medium Not required Partial None None
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."
414 CVE-2014-9415 20 DoS 2014-12-24 2019-05-20
1.9
None Local Medium Not required None None Partial
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.
415 CVE-2014-8923 200 +Info 2015-03-24 2016-08-31
1.9
None Local Medium Not required Partial None None
The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.
416 CVE-2014-8595 17 DoS +Priv 2014-11-19 2018-10-30
1.9
None Local Medium Not required None None Partial
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
417 CVE-2014-7170 362 +Info 2014-12-17 2019-07-11
1.9
None Local Medium Not required Partial None None
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.
418 CVE-2014-6540 2014-10-15 2014-11-18
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.
419 CVE-2014-6195 284 Bypass 2015-02-13 2017-09-07
1.9
None Local Medium Not required None Partial None
The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.
420 CVE-2014-6146 200 +Info 2014-11-08 2017-09-07
1.9
None Local Medium Not required Partial None None
IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.
421 CVE-2014-6134 200 +Info 2015-03-24 2015-03-25
1.2
None Local High Not required Partial None None
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
422 CVE-2014-5423 255 +Info 2014-10-18 2014-10-22
1.9
None Local Medium Not required Partial None None
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.
423 CVE-2014-5233 200 +Info 2015-01-14 2015-11-13
1.9
None Local Medium Not required Partial None None
The Siemens SIMATIC WinCC [email protected] app before 1.0.2 for iOS allows physically proximate attackers to discover [email protected] credentials by leveraging an error in the credential-processing mechanism.
424 CVE-2014-5232 264 Bypass 2015-01-14 2015-11-13
1.9
None Local Medium Not required None Partial None
The Siemens SIMATIC WinCC [email protected] app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
425 CVE-2014-5177 20 2014-08-03 2019-04-22
1.2
None Local High Not required Partial None None
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
426 CVE-2014-5036 200 +Info 2014-09-05 2014-09-08
1.9
None Local Medium Not required Partial None None
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.
427 CVE-2014-5030 59 2014-07-29 2017-01-06
1.9
None Local Medium Not required Partial None None
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
428 CVE-2014-5029 59 2014-07-29 2017-01-06
1.5
None Local Medium Single system Partial None None
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
429 CVE-2014-4995 362 +Info 2018-01-10 2018-01-30
1.9
None Local Medium Not required Partial None None
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
430 CVE-2014-4822 255 2014-10-18 2017-08-28
1.9
None Local Medium Not required Partial None None
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
431 CVE-2014-4812 200 +Info 2014-10-26 2017-08-28
1.8
None Local Network High Not required Partial None None
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.
432 CVE-2014-4450 255 2014-10-22 2017-08-28
1.9
None Local Medium Not required Partial None None
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
433 CVE-2014-4448 310 +Info 2014-10-22 2017-08-28
1.9
None Local Medium Not required Partial None None
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
434 CVE-2014-4447 310 2014-10-17 2017-08-28
1.9
None Local Medium Not required Partial None None
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs.
435 CVE-2014-4421 +Info 2014-09-18 2017-08-28
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
436 CVE-2014-4420 +Info 2014-09-18 2017-08-28
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
437 CVE-2014-4419 +Info 2014-09-18 2017-08-28
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
438 CVE-2014-4386 362 +Priv 2014-09-18 2017-08-28
1.9
None Local Medium Not required None Partial None
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
439 CVE-2014-4384 22 Dir. Trav. 2014-09-18 2017-08-28
1.9
None Local Medium Not required None Partial None
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
440 CVE-2014-4371 +Info 2014-09-18 2017-08-28
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
441 CVE-2014-4248 2014-07-17 2018-10-09
1.0
None Local High Single system Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via unknown vectors related to Logging.
442 CVE-2014-3956 200 +Info 2014-06-04 2017-12-28
1.9
None Local Medium Not required Partial None None
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
443 CVE-2014-3716 20 DoS 2014-05-19 2018-10-30
1.9
None Local Medium Not required None None Partial
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
444 CVE-2014-3636 399 DoS 2014-10-25 2018-10-30
1.9
None Local Medium Not required None None Partial
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
445 CVE-2014-3537 59 2014-07-23 2017-01-06
1.2
None Local High Not required Partial None None
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
446 CVE-2014-2926 DoS 2014-07-14 2014-07-15
1.7
None Local Low Single system None None Partial
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
447 CVE-2014-2893 59 +Info 2014-04-23 2018-10-30
1.9
None Local Medium Not required Partial None None
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
448 CVE-2014-2603 +Info 2014-05-09 2019-10-09
1.7
None Remote High Multiple systems Partial None None
Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors.
449 CVE-2014-2488 2014-07-17 2018-10-09
1.0
None Local High Single system Partial None None
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.
450 CVE-2014-2485 2014-07-17 2018-10-09
1.4
None Local Low Multiple systems Partial None None
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services.
Total number of vulnerabilities : 914   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.