| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 901 | CVE-2005-2993 | | | DoS | 2005-09-20 | 2018-10-19 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang). |
| 902 | CVE-2006-0386 | | | | 2006-03-03 | 2017-07-20 | 1.7 | None | Local | Low | ??? | Partial | None | None | FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled. |
| 903 | CVE-2006-0391 | | | Dir. Trav. | 2006-03-03 | 2017-07-20 | 1.7 | None | Local | Low | ??? | None | Partial | None | Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. |
| 904 | CVE-2006-0554 | | | +Info | 2006-03-07 | 2018-10-03 | 1.7 | None | Local | Low | ??? | None | Partial | None | Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data. |
| 905 | CVE-2006-0920 | | | | 2006-02-28 | 2018-10-18 | 1.7 | None | Local | Low | ??? | Partial | None | None | Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password. |
| 906 | CVE-2006-0956 | | | DoS | 2006-03-02 | 2011-03-08 | 1.7 | None | Local | Low | ??? | None | None | Partial | nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. |
| 907 | CVE-2006-1601 | | | | 2006-04-04 | 2017-07-20 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors. |
| 908 | CVE-2006-4642 | | | +Info | 2006-09-08 | 2018-10-17 | 1.7 | None | Local | Low | ??? | Partial | None | None | AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file. |
| 909 | CVE-2006-5749 | | | | 2006-12-31 | 2010-09-15 | 1.7 | None | Local | Low | ??? | None | None | Partial | The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. |
| 910 | CVE-2006-6107 | | | DoS | 2006-12-14 | 2017-10-11 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). |
| 911 | CVE-2006-6286 | | | +Info | 2006-12-04 | 2017-07-29 | 1.7 | None | Local | Low | ??? | Partial | None | None | Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 912 | CVE-2006-6510 | | | Bypass | 2006-12-14 | 2018-10-17 | 1.7 | None | Local | Low | ??? | Partial | None | None | An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions. |
| 913 | CVE-2006-6653 | 20 | | DoS | 2006-12-20 | 2011-07-25 | 1.7 | None | Local | Low | ??? | None | None | Partial | The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket"). |
| 914 | CVE-2006-6655 | | | DoS | 2006-12-20 | 2008-09-05 | 1.7 | None | Local | Low | ??? | None | None | Partial | The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. |
| 915 | CVE-2007-0287 | | | | 2007-01-17 | 2017-07-29 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. |
| 916 | CVE-2007-0288 | | | | 2007-01-17 | 2017-07-29 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01. |
| 917 | CVE-2007-0294 | | | | 2007-01-17 | 2017-07-29 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06. |
| 918 | CVE-2007-3700 | | | +Priv | 2007-07-11 | 2017-07-29 | 1.7 | None | Local | Low | ??? | Partial | None | None | Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth. |
| 919 | CVE-2008-0996 | 255 | | | 2008-03-18 | 2017-08-08 | 1.7 | None | Local | Low | ??? | Partial | None | None | The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. |
| 920 | CVE-2008-1754 | 310 | | +Info | 2008-04-11 | 2017-08-08 | 1.7 | None | Local | Low | ??? | Partial | None | None | Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. |
| 921 | CVE-2008-2619 | | | | 2008-10-14 | 2017-08-08 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors. |
| 922 | CVE-2008-3973 | | | | 2009-01-14 | 2012-10-23 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors. |
| 923 | CVE-2009-0905 | 20 | | +Priv | 2011-10-30 | 2017-08-17 | 1.7 | None | Local | Low | ??? | None | Partial | None | IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring. |
| 924 | CVE-2009-1990 | | | | 2009-10-22 | 2012-10-23 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors. |
| 925 | CVE-2009-3401 | | | | 2009-10-22 | 2012-10-23 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors. |
| 926 | CVE-2010-3406 | | | | 2010-09-16 | 2017-09-19 | 1.7 | None | Local | Low | ??? | None | Partial | None | Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors. |
| 927 | CVE-2011-0790 | | | | 2011-04-20 | 2011-04-20 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem. |
| 928 | CVE-2011-0796 | | | | 2011-04-20 | 2011-04-20 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors. |
| 929 | CVE-2011-1820 | 200 | | +Info | 2011-04-21 | 2017-08-17 | 1.7 | None | Local | Low | ??? | Partial | None | None | IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log. |
| 930 | CVE-2011-2240 | | | | 2011-07-20 | 2011-10-05 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors. |
| 931 | CVE-2011-2291 | | | | 2011-07-21 | 2011-10-05 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions. |
| 932 | CVE-2011-2311 | | | | 2011-10-18 | 2016-11-22 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313. |
| 933 | CVE-2011-2312 | | | | 2011-10-18 | 2011-12-24 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS. |
| 934 | CVE-2011-3539 | | | | 2011-10-18 | 2017-08-29 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones. |
| 935 | CVE-2012-0075 | | | | 2012-01-18 | 2019-12-17 | 1.7 | None | Remote | High | ??? | None | Partial | None | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors. |
| 936 | CVE-2012-0174 | 264 | | Bypass +Info | 2012-05-09 | 2018-10-12 | 1.7 | None | Local | Low | ??? | Partial | None | None | Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." |
| 937 | CVE-2012-0494 | | | | 2012-01-18 | 2019-12-17 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors. |
| 938 | CVE-2012-3162 | | | | 2012-10-16 | 2013-10-11 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading. |
| 939 | CVE-2012-3215 | | | | 2012-10-17 | 2013-10-11 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel. |
| 940 | CVE-2013-0982 | 200 | | Bypass +Info | 2013-06-05 | 2013-06-05 | 1.7 | None | Local | Low | ??? | Partial | None | None | The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. |
| 941 | CVE-2013-1499 | | | | 2013-04-17 | 2013-10-11 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration. |
| 942 | CVE-2013-2382 | | | | 2013-04-17 | 2013-10-11 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE. |
| 943 | CVE-2013-2997 | 264 | | | 2013-09-08 | 2017-08-29 | 1.7 | None | Local | Low | ??? | Partial | None | None | IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. |
| 944 | CVE-2013-5865 | | | | 2013-10-16 | 2017-08-29 | 1.7 | None | Local | Low | ??? | None | None | Partial | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration. |
| 945 | CVE-2013-5874 | | | | 2014-01-15 | 2014-02-07 | 1.7 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown vectors related to Logging. |
| 946 | CVE-2013-5885 | | | | 2014-01-15 | 2017-08-29 | 1.7 | None | Local | Low | ??? | None | Partial | None | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit. |
| 947 | CVE-2014-1444 | 399 | | +Info | 2014-01-18 | 2017-08-29 | 1.7 | None | Local | Low | ??? | Partial | None | None | The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. |
| 948 | CVE-2014-2603 | | | +Info | 2014-05-10 | 2019-10-09 | 1.7 | None | Remote | High | ??? | Partial | None | None | Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors. |
| 949 | CVE-2014-2926 | | | DoS | 2014-07-14 | 2014-07-15 | 1.7 | None | Local | Low | ??? | None | None | Partial | kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. |
| 950 | CVE-2015-0498 | | | | 2015-04-16 | 2017-01-03 | 1.7 | None | Remote | High | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. |