CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2017-17564 388 DoS +Priv 2017-12-12 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
302 CVE-2017-17563 119 DoS Overflow +Priv 2017-12-12 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
303 CVE-2017-17476 200 +Priv +Info 2017-12-20 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
304 CVE-2017-17468 DoS +Priv 2017-12-08 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050.
305 CVE-2017-17466 DoS +Priv 2017-12-08 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088.
306 CVE-2017-17045 416 DoS +Priv +Info 2017-11-28 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
307 CVE-2017-17010 426 +Priv 2017-12-27 2018-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
308 CVE-2017-16997 426 +Priv 2017-12-17 2019-04-26
9.3
None Remote Medium Not required Complete Complete Complete
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
309 CVE-2017-16945 732 +Priv 2018-01-31 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
310 CVE-2017-16939 416 DoS +Priv 2017-11-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
311 CVE-2017-16933 732 +Priv 2017-11-24 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
312 CVE-2017-16928 732 +Priv 2018-01-31 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
313 CVE-2017-16895 732 +Priv 2017-12-01 2019-10-02
7.2
Admin Local Low Not required Complete Complete Complete
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
314 CVE-2017-16882 732 +Priv 2017-11-18 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.
315 CVE-2017-16834 732 Exec Code +Priv 2017-11-15 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
316 CVE-2017-16788 22 +Priv Dir. Trav. 2017-12-15 2018-01-03
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
317 CVE-2017-16757 +Priv 2017-11-09 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.
318 CVE-2017-16659 732 +Priv 2017-11-08 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
319 CVE-2017-16638 732 +Priv 2017-11-06 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
320 CVE-2017-16636 79 +Priv XSS Bypass 2017-11-06 2017-11-29
3.5
None Remote Medium Single system None Partial None
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.
321 CVE-2017-16557 787 +Priv 2018-01-16 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.
322 CVE-2017-16555 787 +Priv 2018-01-16 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.
323 CVE-2017-16554 787 +Priv 2018-01-16 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.
324 CVE-2017-16553 787 +Priv 2018-01-16 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.
325 CVE-2017-16552 787 +Priv 2018-01-16 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.
326 CVE-2017-16551 787 +Priv 2018-01-16 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.
327 CVE-2017-16550 +Priv 2018-01-16 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.
328 CVE-2017-16549 787 +Priv 2018-01-16 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.
329 CVE-2017-15945 732 +Priv 2017-10-27 2019-10-02
7.2
Admin Local Low Not required Complete Complete Complete
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
330 CVE-2017-15883 287 DoS +Priv Bypass 2018-01-08 2018-02-01
7.5
None Remote Low Not required Partial Partial Partial
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
331 CVE-2017-15870 +Priv 2017-12-11 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
332 CVE-2017-15868 20 +Priv 2017-12-05 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
333 CVE-2017-15696 200 +Priv +Info 2018-02-25 2018-03-16
5.0
None Remote Low Not required Partial None None
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
334 CVE-2017-15692 502 Exec Code +Priv 2018-02-27 2018-03-23
7.5
None Remote Low Not required Partial Partial Partial
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
335 CVE-2017-15649 362 +Priv 2017-10-19 2018-08-24
4.6
None Local Low Not required Partial Partial Partial
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
336 CVE-2017-15595 400 DoS +Priv 2017-10-18 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
337 CVE-2017-15594 DoS +Priv 2017-10-18 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
338 CVE-2017-15592 668 DoS +Priv 2017-10-18 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
339 CVE-2017-15590 DoS +Priv 2017-10-18 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
340 CVE-2017-15567 +Priv 2017-10-23 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK.
341 CVE-2017-15538 79 +Priv XSS 2017-10-17 2018-06-19
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
342 CVE-2017-15536 269 +Priv 2018-02-04 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.
343 CVE-2017-15374 79 Exec Code +Priv XSS 2017-10-16 2018-01-23
4.3
None Remote Medium Not required None Partial None
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts.
344 CVE-2017-15358 362 +Priv 2018-08-03 2018-10-02
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
345 CVE-2017-15357 362 +Priv 2017-12-01 2019-04-26
6.9
Admin Local Medium Not required Complete Complete Complete
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
346 CVE-2017-15288 732 +Priv 2017-11-15 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
347 CVE-2017-15276 22 +Priv Dir. Trav. 2017-10-13 2017-11-02
6.5
None Remote Low Single system Partial Partial Partial
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
348 CVE-2017-15214 79 +Priv XSS 2017-10-10 2017-10-27
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
349 CVE-2017-15213 79 +Priv XSS 2017-10-10 2017-10-27
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
350 CVE-2017-15114 295 +Priv 2017-11-27 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
Total number of vulnerabilities : 5122   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.