CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2017(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-6001 362 +Priv 2017-02-18 2018-06-19
7.6
None Remote High Not required Complete Complete Complete
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
2 CVE-2017-5551 +Priv 2017-02-06 2019-10-02
3.6
None Local Low Not required Partial Partial None
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.
3 CVE-2017-5166 200 +Priv +Info 2017-02-13 2017-02-16
5.0
None Remote Low Not required Partial None None
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.
4 CVE-2017-2583 DoS +Priv 2017-02-06 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
5 CVE-2017-1093 +Priv 2017-02-02 2019-10-02
7.2
Admin Local Low Not required Complete Complete Complete
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
6 CVE-2017-0419 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769.
7 CVE-2017-0418 787 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959.
8 CVE-2017-0417 787 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438.
9 CVE-2017-0416 787 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609.
10 CVE-2017-0415 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020.
11 CVE-2017-0412 367 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.
12 CVE-2017-0411 367 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690.
13 CVE-2017-0410 190 Exec Code +Priv 2017-02-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765.
14 CVE-2016-10150 416 DoS +Priv 2017-02-06 2017-02-09
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.
15 CVE-2016-10089 264 +Priv 2017-02-15 2017-11-22
7.2
Admin Local Low Not required Complete Complete Complete
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
16 CVE-2016-10044 264 +Priv Bypass 2017-02-07 2017-07-24
7.2
None Local Low Not required Complete Complete Complete
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
17 CVE-2016-9637 264 +Priv 2017-02-16 2018-02-07
3.7
None Local High Not required Partial Partial Partial
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
18 CVE-2016-8972 264 +Priv 2017-02-15 2017-09-02
7.2
Admin Local Low Not required Complete Complete Complete
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
19 CVE-2016-8659 264 +Priv 2017-02-13 2017-02-16
6.9
None Local Medium Not required Complete Complete Complete
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
20 CVE-2016-8567 798 +Priv 2017-02-13 2017-02-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
21 CVE-2016-7661 264 +Priv 2017-02-20 2017-09-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
22 CVE-2016-7660 264 +Priv 2017-02-20 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
23 CVE-2016-7655 704 DoS +Priv 2017-02-20 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.
24 CVE-2016-7637 119 DoS Overflow +Priv Mem. Corr. 2017-02-20 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
25 CVE-2016-7633 416 DoS +Priv 2017-02-20 2017-09-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.
26 CVE-2016-7583 264 +Priv 2017-02-20 2017-02-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory.
27 CVE-2016-6252 190 Overflow +Priv 2017-02-17 2017-11-03
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
28 CVE-2016-4678 476 DoS +Priv 2017-02-20 2017-07-28
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
29 CVE-2016-4674 119 DoS Overflow +Priv Mem. Corr. 2017-02-20 2017-07-28
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
30 CVE-2016-1889 190 Overflow +Priv 2017-02-15 2017-02-16
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.
31 CVE-2016-1883 264 +Priv 2017-02-15 2017-02-17
7.2
None Local Low Not required Complete Complete Complete
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.
32 CVE-2016-1881 264 DoS +Priv 2017-02-15 2018-01-29
7.2
None Local Low Not required Complete Complete Complete
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.
33 CVE-2016-1880 264 +Priv 2017-02-15 2017-02-17
7.2
None Local Low Not required Complete Complete Complete
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."
34 CVE-2015-8768 264 +Priv 2017-02-13 2017-10-02
7.5
None Remote Low Not required Partial Partial Partial
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
35 CVE-2014-9914 416 DoS +Priv 2017-02-07 2017-07-24
7.2
None Local Low Not required Complete Complete Complete
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.
Total number of vulnerabilities : 35   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.