CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2005-2993 DoS 2005-09-20 2018-10-19
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
902 CVE-2006-0386 2006-03-03 2017-07-20
1.7
None Local Low ??? Partial None None
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
903 CVE-2006-0391 Dir. Trav. 2006-03-03 2017-07-20
1.7
None Local Low ??? None Partial None
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
904 CVE-2006-0554 +Info 2006-03-07 2018-10-03
1.7
None Local Low ??? None Partial None
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data.
905 CVE-2006-0920 2006-02-28 2018-10-18
1.7
None Local Low ??? Partial None None
Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password.
906 CVE-2006-0956 DoS 2006-03-02 2011-03-08
1.7
None Local Low ??? None None Partial
nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server.
907 CVE-2006-1601 2006-04-04 2017-07-20
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.
908 CVE-2006-4642 +Info 2006-09-08 2018-10-17
1.7
None Local Low ??? Partial None None
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
909 CVE-2006-5749 2006-12-31 2010-09-15
1.7
None Local Low ??? None None Partial
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.
910 CVE-2006-6107 DoS 2006-12-14 2017-10-11
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
911 CVE-2006-6286 +Info 2006-12-04 2017-07-29
1.7
None Local Low ??? Partial None None
Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
912 CVE-2006-6510 Bypass 2006-12-14 2018-10-17
1.7
None Local Low ??? Partial None None
An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions.
913 CVE-2006-6653 20 DoS 2006-12-20 2011-07-25
1.7
None Local Low ??? None None Partial
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
914 CVE-2006-6655 DoS 2006-12-20 2008-09-05
1.7
None Local Low ??? None None Partial
The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference.
915 CVE-2007-0287 2007-01-17 2017-07-29
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.
916 CVE-2007-0288 2007-01-17 2017-07-29
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
917 CVE-2007-0294 2007-01-17 2017-07-29
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
918 CVE-2007-3700 +Priv 2007-07-11 2017-07-29
1.7
None Local Low ??? Partial None None
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
919 CVE-2008-0996 255 2008-03-18 2017-08-08
1.7
None Local Low ??? Partial None None
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
920 CVE-2008-1754 310 +Info 2008-04-11 2017-08-08
1.7
None Local Low ??? Partial None None
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
921 CVE-2008-2619 2008-10-14 2017-08-08
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors.
922 CVE-2008-3973 2009-01-14 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
923 CVE-2009-0905 20 +Priv 2011-10-30 2017-08-17
1.7
None Local Low ??? None Partial None
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
924 CVE-2009-1990 2009-10-22 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.
925 CVE-2009-3401 2009-10-22 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors.
926 CVE-2010-3406 2010-09-16 2017-09-19
1.7
None Local Low ??? None Partial None
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
927 CVE-2011-0790 2011-04-20 2011-04-20
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
928 CVE-2011-0796 2011-04-20 2011-04-20
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors.
929 CVE-2011-1820 200 +Info 2011-04-21 2017-08-17
1.7
None Local Low ??? Partial None None
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
930 CVE-2011-2240 2011-07-20 2011-10-05
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors.
931 CVE-2011-2291 2011-07-21 2011-10-05
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.
932 CVE-2011-2311 2011-10-18 2016-11-22
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313.
933 CVE-2011-2312 2011-10-18 2011-12-24
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS.
934 CVE-2011-3539 2011-10-18 2017-08-29
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.
935 CVE-2012-0075 2012-01-18 2019-12-17
1.7
None Remote High ??? None Partial None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
936 CVE-2012-0174 264 Bypass +Info 2012-05-09 2018-10-12
1.7
None Local Low ??? Partial None None
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
937 CVE-2012-0494 2012-01-18 2019-12-17
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
938 CVE-2012-3162 2012-10-16 2013-10-11
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading.
939 CVE-2012-3215 2012-10-17 2013-10-11
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.
940 CVE-2013-0982 200 Bypass +Info 2013-06-05 2013-06-05
1.7
None Local Low ??? Partial None None
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
941 CVE-2013-1499 2013-04-17 2013-10-11
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.
942 CVE-2013-2382 2013-04-17 2013-10-11
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.
943 CVE-2013-2997 264 2013-09-08 2017-08-29
1.7
None Local Low ??? Partial None None
IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
944 CVE-2013-5865 2013-10-16 2017-08-29
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration.
945 CVE-2013-5874 2014-01-15 2014-02-07
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown vectors related to Logging.
946 CVE-2013-5885 2014-01-15 2017-08-29
1.7
None Local Low ??? None Partial None
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit.
947 CVE-2014-1444 399 +Info 2014-01-18 2017-08-29
1.7
None Local Low ??? Partial None None
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
948 CVE-2014-2603 +Info 2014-05-10 2019-10-09
1.7
None Remote High ??? Partial None None
Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors.
949 CVE-2014-2926 DoS 2014-07-14 2014-07-15
1.7
None Local Low ??? None None Partial
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
950 CVE-2015-0498 2015-04-16 2017-01-03
1.7
None Remote High ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
Total number of vulnerabilities : 2011   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.