CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (Gain Privilege)

Columns per entry: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail. A dash marks a field that is empty on the page; ??? is shown where the page gives no value for the CVSS vector fields.

1. CVE-2017-17468 | CWE: - | Exploits: - | Type(s): DoS +Priv | Published: 2017-12-08 | Updated: 2017-12-08 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050.

2. CVE-2017-17466 | CWE: - | Exploits: - | Type(s): DoS +Priv | Published: 2017-12-08 | Updated: 2017-12-08 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088.

3. CVE-2017-17045 | CWE: - | Exploits: - | Type(s): DoS +Priv +Info | Published: 2017-11-28 | Updated: 2017-12-02 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.

4. CVE-2017-16939 | CWE: 264 | Exploits: - | Type(s): DoS +Priv | Published: 2017-11-24 | Updated: 2017-12-08 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

5. CVE-2017-16933 | CWE: - | Exploits: - | Type(s): +Priv | Published: 2017-11-24 | Updated: 2017-11-24 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

6. CVE-2017-16895 | CWE: - | Exploits: - | Type(s): +Priv | Published: 2017-12-01 | Updated: 2017-12-01 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.

7. CVE-2017-16882 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-11-18 | Updated: 2017-12-08 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.

8. CVE-2017-16834 | CWE: 264 | Exploits: - | Type(s): Exec Code +Priv | Published: 2017-11-15 | Updated: 2017-12-04 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.

9. CVE-2017-16757 | CWE: 275 | Exploits: - | Type(s): +Priv | Published: 2017-11-09 | Updated: 2017-12-04 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.

10. CVE-2017-16659 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-11-08 | Updated: 2017-11-29 | Score: 9.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.

11. CVE-2017-16638 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-11-06 | Updated: 2017-11-29 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.

12. CVE-2017-16636 | CWE: 79 | Exploits: - | Type(s): +Priv XSS Bypass | Published: 2017-11-06 | Updated: 2017-11-29 | Score: 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: None/Partial/None
   In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. This allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.

13. CVE-2017-15945 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-10-27 | Updated: 2017-11-14 | Score: 7.2 | Gained access: Admin | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

14. CVE-2017-15868 | CWE: - | Exploits: - | Type(s): +Priv | Published: 2017-12-05 | Updated: 2017-12-08 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.

15. CVE-2017-15649 | CWE: 362 | Exploits: - | Type(s): +Priv | Published: 2017-10-19 | Updated: 2017-11-08 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.

16. CVE-2017-15595 | CWE: 400 | Exploits: - | Type(s): DoS +Priv | Published: 2017-10-18 | Updated: 2017-11-29 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.

17. CVE-2017-15594 | CWE: 19 | Exploits: - | Type(s): DoS +Priv | Published: 2017-10-18 | Updated: 2017-11-29 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.

18. CVE-2017-15592 | CWE: 264 | Exploits: - | Type(s): DoS +Priv | Published: 2017-10-18 | Updated: 2017-12-02 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.

19. CVE-2017-15590 | CWE: 264 | Exploits: - | Type(s): DoS +Priv | Published: 2017-10-18 | Updated: 2017-11-29 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.

20. CVE-2017-15567 | CWE: 284 | Exploits: - | Type(s): +Priv | Published: 2017-10-23 | Updated: 2017-11-14 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors.

21. CVE-2017-15538 | CWE: 79 | Exploits: - | Type(s): +Priv XSS | Published: 2017-10-17 | Updated: 2017-11-08 | Score: 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: None/Partial/None
   Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

22. CVE-2017-15374 | CWE: 79 | Exploits: - | Type(s): Exec Code +Priv XSS | Published: 2017-10-16 | Updated: 2017-11-07 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: None/Partial/None
   Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts.

23. CVE-2017-15357 | CWE: - | Exploits: - | Type(s): +Priv | Published: 2017-12-01 | Updated: 2017-12-01 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.

24. CVE-2017-15288 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-11-15 | Updated: 2017-12-03 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

25. CVE-2017-15276 | CWE: 22 | Exploits: - | Type(s): +Priv Dir. Trav. | Published: 2017-10-13 | Updated: 2017-11-02 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/Partial
   OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.

26. CVE-2017-15214 | CWE: 79 | Exploits: - | Type(s): +Priv XSS | Published: 2017-10-10 | Updated: 2017-10-27 | Score: 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: None/Partial/None
   Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

27. CVE-2017-15213 | CWE: 79 | Exploits: - | Type(s): +Priv XSS | Published: 2017-10-10 | Updated: 2017-10-27 | Score: 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: None/Partial/None
   Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.

28. CVE-2017-15114 | CWE: - | Exploits: - | Type(s): +Priv | Published: 2017-11-27 | Updated: 2017-11-29 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.

29. CVE-2017-15102 | CWE: 476 | Exploits: - | Type(s): +Priv | Published: 2017-11-15 | Updated: 2017-12-02 | Score: 6.9 | Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

30. CVE-2017-15044 | CWE: - | Exploits: - | Type(s): +Priv Bypass | Published: 2017-11-21 | Updated: 2017-11-21 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface.

31. CVE-2017-15013 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-10-13 | Updated: 2017-11-02 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/Partial
   OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.

32. CVE-2017-14924 | CWE: 352 | Exploits: - | Type(s): +Priv CSRF | Published: 2017-09-29 | Updated: 2017-10-06 | Score: 6.0 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/Partial
   Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.

33. CVE-2017-14730 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-09-25 | Updated: 2017-10-06 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.

34. CVE-2017-14635 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-09-21 | Updated: 2017-11-08 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Partial/Partial/Partial
   In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.

35. CVE-2017-14484 | CWE: 264 | Exploits: - | Type(s): Exec Code +Priv | Published: 2017-09-15 | Updated: 2017-09-28 | Score: 6.9 | Gained access: Admin | Access: Local | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.

36. CVE-2017-14398 | CWE: 119 | Exploits: - | Type(s): Overflow +Priv | Published: 2017-09-13 | Updated: 2017-09-27 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.

37. CVE-2017-14315 | CWE: 119 | Exploits: - | Type(s): Overflow +Priv Bypass | Published: 2017-09-12 | Updated: 2017-09-21 | Score: 7.9 | Gained access: None | Access: Local Network | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.

38. CVE-2017-14312 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-09-11 | Updated: 2017-09-20 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.

39. CVE-2017-14311 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-09-19 | Updated: 2017-09-27 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.

40. CVE-2017-14013 | CWE: 264 | Exploits: - | Type(s): +Priv Bypass | Published: 2017-10-17 | Updated: 2017-11-08 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

41. CVE-2017-13826 | CWE: - | Exploits: - | Type(s): +Priv | Published: 2017-11-12 | Updated: 2017-11-13 | Score: 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf./Integ./Avail.: ???/???/???
   An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "Postfix" product. Versions before 3.2.2 might allow local users to gain privileges or have unspecified other impact.

42. CVE-2017-13779 | CWE: 264 | Exploits: - | Type(s): Exec Code +Priv | Published: 2017-09-14 | Updated: 2017-09-27 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.

43. CVE-2017-13707 | CWE: 264 | Exploits: - | Type(s): Exec Code +Priv | Published: 2017-08-27 | Updated: 2017-09-08 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.

44. CVE-2017-13681 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-11-06 | Updated: 2017-11-29 | Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.

45. CVE-2017-13130 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-08-22 | Updated: 2017-08-30 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.

46. CVE-2017-12787 | CWE: 119 | Exploits: - | Type(s): Exec Code Overflow +Priv | Published: 2017-08-22 | Updated: 2017-08-29 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.

47. CVE-2017-12786 | CWE: 119 | Exploits: - | Type(s): Exec Code Overflow +Priv | Published: 2017-08-22 | Updated: 2017-08-29 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.

48. CVE-2017-12785 | CWE: 119 | Exploits: - | Type(s): Exec Code Overflow +Priv | Published: 2017-08-22 | Updated: 2017-08-29 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.

49. CVE-2017-12763 | CWE: 264 | Exploits: - | Type(s): +Priv | Published: 2017-08-29 | Updated: 2017-09-07 | Score: 9.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf./Integ./Avail.: Complete/Complete/Complete
   An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.

50. CVE-2017-12733 | CWE: 306 | Exploits: - | Type(s): +Priv | Published: 2017-09-08 | Updated: 2017-09-18 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.
Total number of vulnerabilities: 4732 (this listing is page 1 of 95).
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.