CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2003-0986 DoS 2003-12-31 2017-10-11
1.7
None Local Low ??? None None Partial
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
852 CVE-2004-2657 2004-12-31 2018-10-19
1.7
None Local Low ??? Partial None None
** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."
853 CVE-2005-1976 DoS Exec Code 2005-12-31 2008-09-05
1.7
None Local Low ??? None None Partial
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.
854 CVE-2005-2993 DoS 2005-09-20 2018-10-19
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
855 CVE-2006-0386 2006-03-03 2017-07-20
1.7
None Local Low ??? Partial None None
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
856 CVE-2006-0391 Dir. Trav. 2006-03-03 2017-07-20
1.7
None Local Low ??? None Partial None
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
857 CVE-2006-0554 +Info 2006-03-07 2018-10-03
1.7
None Local Low ??? None Partial None
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data.
858 CVE-2006-0920 2006-02-28 2018-10-18
1.7
None Local Low ??? Partial None None
Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password.
859 CVE-2006-0956 DoS 2006-03-02 2011-03-08
1.7
None Local Low ??? None None Partial
nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server.
860 CVE-2006-1601 2006-04-04 2017-07-20
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.
861 CVE-2006-4642 +Info 2006-09-08 2018-10-17
1.7
None Local Low ??? Partial None None
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
862 CVE-2006-5749 2006-12-31 2010-09-15
1.7
None Local Low ??? None None Partial
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.
863 CVE-2006-6107 DoS 2006-12-14 2017-10-11
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
864 CVE-2006-6286 +Info 2006-12-04 2017-07-29
1.7
None Local Low ??? Partial None None
Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
865 CVE-2006-6510 Bypass 2006-12-14 2018-10-17
1.7
None Local Low ??? Partial None None
An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions.
866 CVE-2006-6653 20 DoS 2006-12-20 2011-07-25
1.7
None Local Low ??? None None Partial
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
867 CVE-2006-6655 DoS 2006-12-20 2008-09-05
1.7
None Local Low ??? None None Partial
The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference.
868 CVE-2007-0287 2007-01-17 2017-07-29
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.
869 CVE-2007-0288 2007-01-17 2017-07-29
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
870 CVE-2007-0294 2007-01-17 2017-07-29
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
871 CVE-2007-3700 +Priv 2007-07-11 2017-07-29
1.7
None Local Low ??? Partial None None
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
872 CVE-2008-0996 255 2008-03-18 2017-08-08
1.7
None Local Low ??? Partial None None
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
873 CVE-2008-1754 310 +Info 2008-04-11 2017-08-08
1.7
None Local Low ??? Partial None None
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
874 CVE-2008-2619 2008-10-14 2017-08-08
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors.
875 CVE-2008-3973 2009-01-14 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
876 CVE-2009-0905 20 +Priv 2011-10-30 2017-08-17
1.7
None Local Low ??? None Partial None
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
877 CVE-2009-1990 2009-10-22 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.
878 CVE-2009-3401 2009-10-22 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors.
879 CVE-2010-3406 2010-09-16 2017-09-19
1.7
None Local Low ??? None Partial None
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
880 CVE-2011-0790 2011-04-20 2011-04-20
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
881 CVE-2011-0796 2011-04-20 2011-04-20
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors.
882 CVE-2011-1820 200 +Info 2011-04-21 2017-08-17
1.7
None Local Low ??? Partial None None
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
883 CVE-2011-2240 2011-07-20 2011-10-05
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors.
884 CVE-2011-2291 2011-07-21 2011-10-05
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.
885 CVE-2011-2311 2011-10-18 2016-11-22
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313.
886 CVE-2011-2312 2011-10-18 2011-12-24
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS.
887 CVE-2011-3539 2011-10-18 2017-08-29
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.
888 CVE-2012-0075 2012-01-18 2019-12-17
1.7
None Remote High ??? None Partial None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
889 CVE-2012-0174 264 Bypass +Info 2012-05-09 2018-10-12
1.7
None Local Low ??? Partial None None
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
890 CVE-2012-0494 2012-01-18 2019-12-17
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
891 CVE-2012-3162 2012-10-16 2013-10-11
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading.
892 CVE-2012-3215 2012-10-17 2013-10-11
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.
893 CVE-2013-0982 200 Bypass +Info 2013-06-05 2013-06-05
1.7
None Local Low ??? Partial None None
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
894 CVE-2013-1499 2013-04-17 2013-10-11
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.
895 CVE-2013-2382 2013-04-17 2013-10-11
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.
896 CVE-2013-2997 264 2013-09-08 2017-08-29
1.7
None Local Low ??? Partial None None
IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
897 CVE-2013-5865 2013-10-16 2017-08-29
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration.
898 CVE-2013-5874 2014-01-15 2014-02-07
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown vectors related to Logging.
899 CVE-2013-5885 2014-01-15 2017-08-29
1.7
None Local Low ??? None Partial None
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit.
900 CVE-2014-1444 399 +Info 2014-01-18 2017-08-29
1.7
None Local Low ??? Partial None None
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
Total number of vulnerabilities : 1121   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.