CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2014(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2096 +Priv 2014-02-26 2014-03-11
4.6
None Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.
2 CVE-2014-2095 +Priv 2014-02-26 2014-03-11
4.6
None Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.
3 CVE-2014-2094 +Priv 2014-02-26 2014-03-11
4.6
None Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory.
4 CVE-2014-2093 +Priv 2014-02-26 2014-03-11
4.6
None Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.
5 CVE-2014-1950 399 DoS +Priv 2014-02-14 2014-12-12
4.6
None Local Low Not required Partial Partial Partial
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.
6 CVE-2014-1680 +Priv 2014-02-14 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
7 CVE-2014-0819 20 +Priv 2014-02-22 2017-11-21
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
8 CVE-2014-0818 94 Exec Code +Priv 2014-02-22 2017-11-21
7.5
None Remote Low Not required Partial Partial Partial
Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.
9 CVE-2014-0816 264 +Priv 2014-02-27 2014-02-27
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors.
10 CVE-2014-0774 119 Overflow +Priv 2014-02-28 2015-10-16
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
11 CVE-2014-0759 +Priv 2014-02-28 2014-02-28
6.9
None Local Medium Not required Complete Complete Complete
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
12 CVE-2014-0730 20 +Priv 2014-02-22 2014-02-24
6.8
None Local Low ??? Complete Complete Complete
Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128.
13 CVE-2014-0686 264 +Priv 2014-02-04 2018-01-03
6.0
None Local High ??? Complete Complete Complete
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
14 CVE-2014-0069 119 DoS Overflow +Priv Mem. Corr. +Info 2014-02-28 2020-08-26
7.2
None Local Low Not required Complete Complete Complete
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
15 CVE-2014-0038 20 2 +Priv 2014-02-06 2018-01-03
6.9
None Local Medium Not required Complete Complete Complete
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
16 CVE-2013-6441 264 +Priv 2014-02-14 2014-02-18
7.2
None Local Low Not required Complete Complete Complete
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
17 CVE-2013-4738 119 Overflow +Priv 2014-02-03 2014-02-21
7.2
None Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.
18 CVE-2011-4093 190 Overflow +Priv 2014-02-10 2018-10-30
5.8
None Remote Medium Not required Partial Partial None
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
19 CVE-2011-1831 264 +Priv 2014-02-15 2014-03-08
4.6
None Local Low Not required Partial Partial Partial
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Total number of vulnerabilities : 19   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.