CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2017(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-0073 264 +Priv 2017-10-30 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
2 CVE-2014-7851 264 +Priv 2017-10-16 2019-11-06
6.0
None Remote Medium ??? Partial Partial Partial
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
3 CVE-2014-7920 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
4 CVE-2014-7921 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
5 CVE-2014-8358 426 +Priv 2017-12-11 2017-12-29
9.3
None Remote Medium Not required Complete Complete Complete
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.
6 CVE-2014-9914 362 DoS +Priv 2017-02-07 2017-07-25
7.2
None Local Low Not required Complete Complete Complete
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.
7 CVE-2014-9922 264 +Priv 2017-04-04 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
8 CVE-2014-9940 416 DoS +Priv 2017-05-02 2017-11-04
7.6
None Remote High Not required Complete Complete Complete
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
9 CVE-2015-0162 264 +Priv 2017-09-20 2017-09-27
6.9
None Local Medium Not required Complete Complete Complete
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
10 CVE-2015-0974 426 +Priv 2017-08-28 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll.
11 CVE-2015-1324 264 +Priv 2017-08-25 2017-08-30
7.2
None Local Low Not required Complete Complete Complete
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
12 CVE-2015-1325 362 +Priv 2017-08-25 2017-08-30
6.9
None Local Medium Not required Complete Complete Complete
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
13 CVE-2015-1336 284 +Priv 2017-09-28 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
14 CVE-2015-1527 190 Overflow +Priv 2017-09-15 2017-09-21
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.
15 CVE-2015-1591 264 +Priv 2017-06-27 2017-07-05
4.6
None Local Low Not required Partial Partial Partial
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.
16 CVE-2015-1795 264 Exec Code +Priv 2017-06-27 2019-04-22
7.2
None Local Low Not required Complete Complete Complete
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
17 CVE-2015-1801 119 DoS Overflow +Priv Mem. Corr. 2017-08-24 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.
18 CVE-2015-2673 264 Exec Code +Priv 2017-10-06 2017-11-01
6.5
None Remote Low ??? Partial Partial Partial
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
19 CVE-2015-2889 264 +Priv 2017-04-10 2021-09-10
6.5
None Remote Low ??? Partial Partial Partial
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.
20 CVE-2015-3321 264 +Priv 2017-10-03 2017-10-17
7.2
None Local Low Not required Complete Complete Complete
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
21 CVE-2015-3442 287 +Priv 2017-09-07 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.
22 CVE-2015-3617 264 +Priv 2017-08-22 2017-08-29
4.6
None Local Low Not required Partial Partial Partial
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
23 CVE-2015-3643 264 +Priv 2017-09-28 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
24 CVE-2015-3653 284 DoS +Priv 2017-08-29 2017-09-06
9.0
None Remote Low ??? Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.
25 CVE-2015-3654 284 +Priv 2017-08-29 2017-09-07
9.0
None Remote Low ??? Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
26 CVE-2015-3656 285 +Priv 2017-08-29 2017-09-07
6.5
None Remote Low ??? Partial Partial Partial
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
27 CVE-2015-3657 284 +Priv 2017-08-29 2017-09-07
6.5
None Remote Low ??? Partial Partial Partial
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
28 CVE-2015-3887 426 +Priv 2017-09-21 2017-10-03
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.
29 CVE-2015-4045 264 +Priv 2017-05-23 2017-05-30
7.2
None Local Low Not required Complete Complete Complete
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
30 CVE-2015-4421 119 DoS Overflow +Priv Mem. Corr. 2017-10-19 2017-11-07
7.6
None Remote High Not required Complete Complete Complete
The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input.
31 CVE-2015-4422 119 DoS Overflow +Priv Mem. Corr. 2017-10-19 2017-11-08
7.6
None Remote High Not required Complete Complete Complete
The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.
32 CVE-2015-4649 284 +Priv 2017-08-29 2017-09-01
9.0
None Remote Low ??? Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
33 CVE-2015-4650 264 Exec Code +Priv 2017-10-16 2017-11-01
10.0
None Remote Low Not required Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.
34 CVE-2015-4683 264 +Priv +Info 2017-09-19 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
35 CVE-2015-4685 264 +Priv 2017-09-19 2018-10-09
4.4
None Local Medium Not required Partial Partial Partial
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
36 CVE-2015-5153 275 +Priv 2017-08-18 2017-08-24
6.5
None Remote Low ??? Partial Partial Partial
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
37 CVE-2015-5675 264 DoS +Priv 2017-10-10 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
38 CVE-2015-6971 77 +Priv 2017-10-03 2017-10-17
7.2
None Local Low Not required Complete Complete Complete
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
39 CVE-2015-7260 264 +Priv 2017-04-10 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.
40 CVE-2015-7358 264 +Priv 2017-10-03 2021-06-28
7.2
None Local Low Not required Complete Complete Complete
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
41 CVE-2015-7529 59 +Priv +Info 2017-11-06 2019-09-27
4.6
None Local Low Not required Partial Partial Partial
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
42 CVE-2015-7723 59 +Priv 2017-06-07 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack.
43 CVE-2015-7724 59 +Priv 2017-06-07 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.
44 CVE-2015-8089 264 DoS +Priv 2017-05-23 2017-06-06
6.9
None Local Medium Not required Complete Complete Complete
The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.
45 CVE-2015-8109 255 +Priv 2017-04-24 2017-04-29
6.9
None Local Medium Not required Complete Complete Complete
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
46 CVE-2015-8110 264 +Priv 2017-04-24 2017-04-28
7.2
None Local Low Not required Complete Complete Complete
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
47 CVE-2015-8300 275 +Priv 2017-08-28 2018-09-26
7.2
None Local Low Not required Complete Complete Complete
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
48 CVE-2015-8332 287 +Priv 2017-08-28 2017-09-08
6.5
None Remote Low ??? Partial Partial Partial
Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."
49 CVE-2015-8768 264 +Priv 2017-02-13 2017-10-03
7.5
None Remote Low Not required Partial Partial Partial
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
50 CVE-2015-8994 264 +Priv 2017-03-02 2017-03-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.
Total number of vulnerabilities : 459   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.