CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2013-6770 264 +Priv 2014-03-31 2014-04-03
7.6
None Remote High Not required Complete Complete Complete
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
202 CVE-2013-6769 20 +Priv 2014-03-31 2014-03-31
10.0
None Remote Low Not required Complete Complete Complete
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.
203 CVE-2013-6744 264 +Priv 2014-05-30 2017-08-29
8.5
None Remote Medium ??? Complete Complete Complete
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
204 CVE-2013-6476 264 +Priv 2014-03-14 2014-03-17
4.4
None Local Medium Not required Partial Partial Partial
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
205 CVE-2013-6441 264 +Priv 2014-02-14 2014-02-18
7.2
None Local Low Not required Complete Complete Complete
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
206 CVE-2013-6433 264 +Priv 2014-06-02 2018-10-19
7.6
None Remote High Not required Complete Complete Complete
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
207 CVE-2013-6306 +Priv 2014-08-22 2017-08-29
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.
208 CVE-2013-6216 +Priv 2014-04-12 2019-10-09
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors.
209 CVE-2013-6208 +Priv 2014-03-16 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.
210 CVE-2013-6123 20 +Priv 2014-01-14 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions.
211 CVE-2013-5987 +Priv Bypass 2014-01-21 2016-08-23
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.
212 CVE-2013-5467 264 +Priv 2014-08-29 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.
213 CVE-2013-5011 22 +Priv Dir. Trav. 2014-01-10 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.
214 CVE-2013-5009 287 +Priv 2014-01-10 2017-08-29
7.4
None Local Network Medium ??? Complete Complete Complete
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
215 CVE-2013-4738 119 Overflow +Priv 2014-02-03 2014-02-21
7.2
None Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.
216 CVE-2013-4262 59 +Priv 2014-07-28 2016-10-18
2.4
None Local High ??? None Partial Partial
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.
217 CVE-2013-4215 59 +Priv 2014-05-05 2014-05-06
4.4
None Local Medium Not required Partial Partial Partial
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
218 CVE-2013-3678 +Priv 2014-11-19 2018-10-09
9.0
None Remote Low ??? Complete Complete Complete
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
219 CVE-2013-3092 287 +Priv Bypass 2014-09-29 2014-10-01
8.3
None Local Network Low Not required Complete Complete Complete
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.
220 CVE-2013-2597 119 Overflow +Priv 2014-08-31 2014-09-02
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
221 CVE-2013-2595 264 +Priv 2014-08-31 2014-09-02
7.2
None Local Low Not required Complete Complete Complete
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application.
222 CVE-2013-2152 +Priv 2014-01-21 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.
223 CVE-2013-2151 +Priv 2014-01-21 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder.
224 CVE-2013-2143 20 1 +Priv 2014-04-17 2021-07-16
6.5
None Remote Low ??? Partial Partial Partial
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
225 CVE-2013-2119 264 DoS +Priv 2014-01-03 2016-12-06
4.6
None Local Low Not required Partial Partial Partial
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
226 CVE-2013-1398 310 +Priv +Info 2014-03-14 2019-07-10
8.5
None Remote Medium ??? Complete Complete Complete
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.
227 CVE-2013-1191 264 +Priv 2014-05-26 2014-05-27
7.1
None Remote High ??? Complete Complete Complete
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.
228 CVE-2013-1068 264 +Priv 2014-06-19 2014-06-20
5.0
None Remote Low Not required None Partial None
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.
229 CVE-2013-0187 264 +Priv 2014-05-08 2014-05-08
6.5
None Remote Low ??? Partial Partial Partial
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
230 CVE-2012-5390 264 +Priv 2014-06-06 2014-06-09
10.0
None Remote Low Not required Complete Complete Complete
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.
231 CVE-2012-3359 255 +Priv 2014-03-31 2014-03-31
3.7
None Local High Not required Partial Partial Partial
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
232 CVE-2012-2095 20 1 +Priv 2014-04-07 2014-04-08
6.9
None Local Medium Not required Complete Complete Complete
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
233 CVE-2011-5275 264 +Priv 2014-03-21 2014-03-21
7.5
None Remote Low Not required Partial Partial Partial
The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
234 CVE-2011-4093 190 Overflow +Priv 2014-02-10 2018-10-30
5.8
None Remote Medium Not required Partial Partial None
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
235 CVE-2011-3628 +Priv 2014-04-15 2014-04-16
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.
236 CVE-2011-1831 264 +Priv 2014-02-15 2014-03-08
4.6
None Local Low Not required Partial Partial Partial
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
237 CVE-2011-1763 DoS +Priv 2014-01-07 2015-09-03
7.7
None Local Network Low ??? Complete Complete Complete
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
238 CVE-2010-0746 22 +Priv Dir. Trav. 2014-01-13 2014-01-14
6.2
None Local High Not required Complete Complete Complete
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.
239 CVE-2008-3277 22 +Priv Dir. Trav. 2014-04-15 2019-04-22
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.
Total number of vulnerabilities : 239   Page : 1 2 3 4 5 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.