| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2010-4075 |
200 |
|
+Info |
2010-11-29 |
2020-08-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
102 |
CVE-2010-4076 |
200 |
|
+Info |
2010-11-29 |
2020-08-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
103 |
CVE-2010-4077 |
200 |
|
+Info |
2010-11-29 |
2020-08-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
104 |
CVE-2010-4078 |
909 |
|
+Info |
2010-11-29 |
2020-08-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. |
|
105 |
CVE-2010-4079 |
200 |
|
+Info |
2010-11-29 |
2020-08-12 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. |
|
106 |
CVE-2010-4081 |
909 |
|
+Info |
2010-11-30 |
2020-08-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. |
|
107 |
CVE-2010-4082 |
909 |
|
+Info |
2010-11-30 |
2020-08-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. |
|
108 |
CVE-2010-4083 |
909 |
|
+Info |
2010-11-30 |
2020-08-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. |
|
109 |
CVE-2010-4212 |
264 |
|
+Info |
2010-11-09 |
2010-12-22 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. |
|
110 |
CVE-2010-4525 |
200 |
|
+Info |
2011-01-11 |
2017-08-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. |
|
111 |
CVE-2010-4758 |
310 |
|
|
2011-03-18 |
2011-03-22 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. |
|
112 |
CVE-2010-5092 |
255 |
|
+Info |
2012-08-26 |
2012-08-27 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database. |
|
113 |
CVE-2010-5292 |
200 |
|
+Info |
2014-01-10 |
2014-01-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. |
|
114 |
CVE-2011-0006 |
264 |
|
Bypass |
2012-06-21 |
2012-06-26 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM. |
|
115 |
CVE-2011-0523 |
264 |
|
|
2012-08-13 |
2013-12-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. |
|
116 |
CVE-2011-1016 |
20 |
|
|
2011-02-28 |
2020-08-11 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. |
|
117 |
CVE-2011-1019 |
|
|
Bypass |
2013-03-01 |
2020-08-03 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability. |
|
118 |
CVE-2011-1073 |
59 |
|
|
2011-03-04 |
2018-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. |
|
119 |
CVE-2011-1074 |
200 |
|
Dir. Trav. +Info |
2011-03-04 |
2018-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname. |
|
120 |
CVE-2011-1078 |
200 |
|
+Info |
2012-06-21 |
2015-05-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. |
|
121 |
CVE-2011-1098 |
362 |
|
|
2011-03-30 |
2011-04-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. |
|
122 |
CVE-2011-1155 |
399 |
|
DoS |
2011-03-30 |
2011-04-21 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. |
|
123 |
CVE-2011-1310 |
200 |
|
+Info |
2011-03-08 |
2011-04-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. |
|
124 |
CVE-2011-1378 |
264 |
|
|
2011-11-26 |
2017-08-17 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command. |
|
125 |
CVE-2011-1488 |
772 |
|
|
2019-11-14 |
2019-11-19 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. |
|
126 |
CVE-2011-2204 |
200 |
|
+Info |
2011-06-29 |
2019-03-25 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. |
|
127 |
CVE-2011-2267 |
|
|
|
2011-07-21 |
2014-01-14 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. |
|
128 |
CVE-2011-2492 |
200 |
|
+Info |
2011-07-28 |
2020-07-31 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. |
|
129 |
CVE-2011-2693 |
|
|
DoS |
2013-06-08 |
2019-04-22 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors. |
|
130 |
CVE-2011-2898 |
200 |
|
+Info |
2012-05-24 |
2020-07-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. |
|
131 |
CVE-2011-3153 |
59 |
|
|
2014-03-06 |
2014-03-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. |
|
132 |
CVE-2011-3154 |
59 |
|
|
2014-04-17 |
2014-05-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. |
|
133 |
CVE-2011-3541 |
|
|
|
2011-10-18 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows local users to affect availability via unknown vectors related to Outside In Filters. |
|
134 |
CVE-2011-3585 |
362 |
|
DoS |
2019-12-31 |
2020-01-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. |
|
135 |
CVE-2011-3685 |
310 |
|
+Info |
2011-09-27 |
2012-05-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory. |
|
136 |
CVE-2011-3692 |
310 |
|
+Info |
2011-09-27 |
2012-05-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step. |
|
137 |
CVE-2011-3693 |
310 |
|
|
2011-09-27 |
2012-05-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. |
|
138 |
CVE-2011-4029 |
362 |
|
DoS |
2012-07-03 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. |
|
139 |
CVE-2011-4098 |
119 |
|
DoS Overflow |
2013-06-08 |
2013-06-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory. |
|
140 |
CVE-2011-4105 |
59 |
|
|
2012-02-17 |
2014-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. |
|
141 |
CVE-2011-4944 |
264 |
|
|
2012-08-27 |
2019-10-25 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. |
|
142 |
CVE-2011-5118 |
362 |
|
Bypass |
2012-08-26 |
2012-08-27 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors. |
|
143 |
CVE-2011-5119 |
362 |
|
Bypass |
2012-08-26 |
2012-08-27 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors. |
|
144 |
CVE-2011-5204 |
255 |
1
|
+Info |
2012-10-04 |
2012-10-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. |
|
145 |
CVE-2012-0098 |
|
|
|
2012-01-18 |
2018-01-06 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813. |
|
146 |
CVE-2012-0218 |
|
|
DoS |
2012-12-03 |
2013-10-11 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. |
|
147 |
CVE-2012-0700 |
255 |
|
Bypass |
2013-01-31 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors. |
|
148 |
CVE-2012-0742 |
200 |
|
+Info |
2012-04-09 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data. |
|
149 |
CVE-2012-1106 |
264 |
|
+Info |
2012-07-03 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information. |
|
150 |
CVE-2012-1568 |
|
|
Bypass |
2013-03-01 |
2019-04-22 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. |
