CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-11742 426 +Priv 2017-07-30 2017-08-09
4.6
None Local Low Not required Partial Partial Partial
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
2 CVE-2017-11657 426 +Priv 2017-08-04 2017-08-15
4.4
None Local Medium Not required Partial Partial Partial
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
3 CVE-2017-11653 +Priv 2017-08-18 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
4 CVE-2017-11652 +Priv 2017-08-18 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
5 CVE-2017-11473 119 Overflow +Priv 2017-07-20 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.
6 CVE-2017-11153 502 +Priv 2017-08-08 2017-08-18
7.5
None Remote Low Not required Partial Partial Partial
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
7 CVE-2017-10914 415 DoS +Priv +Info 2017-07-04 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
8 CVE-2017-10913 264 +Priv +Info 2017-07-04 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.
9 CVE-2017-10824 +Priv 2017-08-18 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
10 CVE-2017-10823 +Priv 2017-08-18 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
11 CVE-2017-10822 +Priv 2017-08-18 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
12 CVE-2017-10821 +Priv 2017-08-18 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
13 CVE-2017-10820 426 +Priv 2017-08-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
14 CVE-2017-10663 +Priv 2017-08-19 2017-08-19
0.0
None ??? ??? ??? ??? ??? ???
The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.
15 CVE-2017-10662 +Priv 2017-08-19 2017-08-19
0.0
None ??? ??? ??? ??? ??? ???
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.
16 CVE-2017-10661 DoS +Priv 2017-08-19 2017-08-19
0.0
None ??? ??? ??? ??? ??? ???
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
17 CVE-2017-9653 +Priv 2017-08-14 2017-08-15
0.0
None ??? ??? ??? ??? ??? ???
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized.
18 CVE-2017-9606 264 +Priv 2017-06-14 2017-06-28
4.4
None Local Medium Not required Partial Partial Partial
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
19 CVE-2017-9525 59 +Priv 2017-06-09 2017-07-26
6.9
Admin Local Medium Not required Complete Complete Complete
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
20 CVE-2017-9370 +Priv 2017-08-09 2017-08-09
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.
21 CVE-2017-9324 264 +Priv 2017-06-12 2017-06-22
6.5
None Remote Low Single system Partial Partial Partial
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
22 CVE-2017-9036 264 +Priv 2017-05-25 2017-06-01
7.2
None Local Low Not required Complete Complete Complete
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.
23 CVE-2017-8849 20 +Priv 2017-05-17 2017-08-12
7.2
None Local Low Not required Complete Complete Complete
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
24 CVE-2017-8773 787 Exec Code +Priv 2017-05-04 2017-05-15
7.5
None Remote Low Not required Partial Partial Partial
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.
25 CVE-2017-8613 264 +Priv 2017-06-29 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."
26 CVE-2017-8422 264 +Priv 2017-05-17 2017-08-12
7.2
None Local Low Not required Complete Complete Complete
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
27 CVE-2017-8386 264 +Priv 2017-06-01 2017-06-30
6.5
None Remote Low Single system Partial Partial Partial
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
28 CVE-2017-8284 264 +Priv 2017-04-26 2017-05-10
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
29 CVE-2017-8108 264 +Priv 2017-06-08 2017-06-28
4.6
None Local Low Not required Partial Partial Partial
Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.
30 CVE-2017-7925 264 +Priv 2017-05-05 2017-05-18
5.0
None Remote Low Not required Partial None None
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.
31 CVE-2017-7922 264 +Priv 2017-06-21 2017-06-29
6.5
None Remote Low Single system Partial Partial Partial
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.
32 CVE-2017-7921 287 +Priv 2017-05-05 2017-05-18
7.5
None Remote Low Not required Partial Partial Partial
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
33 CVE-2017-7916 264 +Priv 2017-08-07 2017-08-17
4.0
None Remote Low Single system Partial None None
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
34 CVE-2017-7690 264 +Priv 2017-04-14 2017-04-25
7.2
None Local Low Not required Complete Complete Complete
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
35 CVE-2017-7643 284 +Priv 2017-04-14 2017-08-15
7.2
None Local Low Not required Complete Complete Complete
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
36 CVE-2017-7642 264 +Priv 2017-08-02 2017-08-15
7.2
None Local Low Not required Complete Complete Complete
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
37 CVE-2017-7541 119 DoS Overflow +Priv 2017-07-25 2017-07-31
7.2
None Local Low Not required Complete Complete Complete
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.
38 CVE-2017-7533 362 DoS +Priv Mem. Corr. 2017-08-05 2017-08-09
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
39 CVE-2017-7412 264 +Priv 2017-04-03 2017-04-11
7.2
None Local Low Not required Complete Complete Complete
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
40 CVE-2017-7374 416 DoS +Priv 2017-03-31 2017-04-05
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
41 CVE-2017-7308 119 DoS Overflow +Priv 2017-03-29 2017-08-15
7.2
None Local Low Not required Complete Complete Complete
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
42 CVE-2017-7294 787 DoS Overflow +Priv 2017-03-28 2017-03-31
7.2
None Local Low Not required Complete Complete Complete
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
43 CVE-2017-7221 89 Exec Code +Priv Sql 2017-04-25 2017-08-15
6.5
None Remote Low Single system Partial Partial Partial
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.
44 CVE-2017-7218 264 +Priv 2017-04-14 2017-07-10
4.6
None Local Low Not required Partial Partial Partial
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
45 CVE-2017-6885 264 +Priv 2017-05-16 2017-06-01
7.5
None Remote Low Not required Partial Partial Partial
An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.
46 CVE-2017-6866 +Priv 2017-08-07 2017-08-08
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.
47 CVE-2017-6823 264 +Priv 2017-03-12 2017-08-15
6.5
None Remote Low Single system Partial Partial Partial
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
48 CVE-2017-6781 +Priv 2017-08-17 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0.
49 CVE-2017-6775 +Priv 2017-08-17 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839.
50 CVE-2017-6768 +Priv 2017-08-17 2017-08-18
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).
Total number of vulnerabilities : 4579   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.