CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3801 CVE-2017-2715 200 +Info 2017-11-22 2017-12-11
2.1
None Local Low Not required Partial None None
The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.
3802 CVE-2017-2710 Bypass 2017-11-22 2019-10-03
2.1
None Local Low Not required None Partial None
BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.
3803 CVE-2017-2705 Bypass 2017-11-22 2019-10-03
2.1
None Local Low Not required None None Partial
Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a phone activation bypass vulnerability. Successful exploit could allow an unauthenticated attacker to bypass phone activation to settings page of the phone.
3804 CVE-2017-2626 331 2018-07-27 2019-07-14
2.1
None Local Low Not required Partial None None
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
3805 CVE-2017-2625 320 2018-07-27 2019-10-09
2.1
None Local Low Not required Partial None None
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
3806 CVE-2017-2622 200 +Info 2018-07-27 2021-08-04
2.1
None Local Low Not required Partial None None
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
3807 CVE-2017-2621 532 2018-07-27 2021-08-04
2.1
None Local Low Not required Partial None None
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
3808 CVE-2017-2614 640 2018-07-27 2019-10-09
2.1
None Local Low Not required None Partial None
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
3809 CVE-2017-2592 532 +Info 2018-05-08 2019-10-09
2.1
None Local Low Not required Partial None None
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
3810 CVE-2017-2452 200 +Info 2017-04-02 2017-07-12
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors.
3811 CVE-2017-2418 200 +Info 2017-04-02 2017-07-12
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.
3812 CVE-2017-2399 326 2017-04-02 2019-10-03
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).
3813 CVE-2017-2397 200 +Info 2017-04-02 2017-07-12
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen.
3814 CVE-2017-2390 59 2017-04-02 2019-10-03
2.1
None Local Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.
3815 CVE-2017-2387 295 +Info 2017-04-07 2019-10-03
2.9
None Local Network Medium Not required Partial None None
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
3816 CVE-2017-2385 200 +Info 2017-04-02 2017-07-12
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
3817 CVE-2017-2384 200 +Info 2017-04-02 2017-07-12
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode.
3818 CVE-2017-2352 Bypass 2017-02-20 2019-10-03
2.1
None Local Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors.
3819 CVE-2017-2351 20 Bypass 2017-02-20 2019-10-03
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors.
3820 CVE-2017-2329 287 2017-04-24 2017-04-27
2.1
None Local Low Not required None None Partial
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services.
3821 CVE-2017-2328 200 +Info 2017-04-24 2017-04-27
2.1
None Local Low Not required Partial None None
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.
3822 CVE-2017-2322 400 DoS 2017-04-24 2019-10-03
2.1
None Local Low Not required None None Partial
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
3823 CVE-2017-2316 119 DoS Overflow 2017-04-24 2017-04-27
2.1
None Local Low Not required None None Partial
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
3824 CVE-2017-2161 425 Bypass 2017-05-22 2019-10-03
2.7
None Local Network Low ??? Partial None None
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
3825 CVE-2017-2109 200 +Info 2017-04-28 2017-05-10
2.6
None Remote High Not required Partial None None
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
3826 CVE-2017-1795 532 +Info 2018-07-06 2019-10-09
2.1
None Local Low Not required Partial None None
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.
3827 CVE-2017-1787 798 2018-03-02 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.
3828 CVE-2017-1784 200 +Info 2018-01-29 2019-09-30
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.
3829 CVE-2017-1783 287 2018-01-29 2019-10-03
2.1
None Local Low Not required None Partial None
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.
3830 CVE-2017-1779 522 2018-01-29 2019-10-03
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
3831 CVE-2017-1756 200 +Info 2018-03-30 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
3832 CVE-2017-1733 532 2018-04-04 2019-10-09
2.1
None Local Low Not required Partial None None
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.
3833 CVE-2017-1716 732 2017-12-13 2019-10-03
2.1
None Local Low Not required Partial None None
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.
3834 CVE-2017-1681 200 +Info 2018-01-11 2018-02-10
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.
3835 CVE-2017-1679 200 +Info 2018-09-10 2019-10-09
2.1
None Local Low Not required Partial None None
IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.
3836 CVE-2017-1654 200 +Info 2018-03-02 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
3837 CVE-2017-1596 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.
3838 CVE-2017-1595 200 +Info 2017-12-20 2018-01-03
2.1
None Local Low Not required Partial None None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.
3839 CVE-2017-1575 327 2018-07-20 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.
3840 CVE-2017-1571 327 2018-03-22 2019-10-09
2.1
None Local Low Not required Partial None None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
3841 CVE-2017-1545 2018-01-26 2019-10-03
2.1
None Local Low Not required Partial None None
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.
3842 CVE-2017-1544 200 +Info 2018-07-20 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812.
3843 CVE-2017-1478 200 +Info 2018-01-11 2018-02-01
2.1
None Local Low Not required Partial None None
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
3844 CVE-2017-1441 2017-08-30 2019-10-03
2.1
None Local Low Not required Partial None None
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.
3845 CVE-2017-1434 200 +Info 2017-09-12 2017-09-20
2.1
None Local Low Not required Partial None None
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
3846 CVE-2017-1422 200 +Info 2017-08-22 2017-08-30
2.1
None Local Low Not required Partial None None
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
3847 CVE-2017-1381 200 +Info 2017-07-21 2019-05-03
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
3848 CVE-2017-1378 522 2017-10-05 2019-10-03
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
3849 CVE-2017-1362 522 2017-09-25 2019-10-03
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
3850 CVE-2017-1349 200 +Info 2017-06-23 2017-06-27
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.