CWE-264
395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-264 (page 2 of 8)
- CVE-2015-7598 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7961 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7962 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7963 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7964 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7965 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability th…
- CVE-2015-7966 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability th…
- CVE-2015-7967 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-02
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-8325 | HIGH | CVSS 7.8 | EG 7.8 | 2016-05-01
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggerin…
- CVE-2015-9008 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
- CVE-2015-9009 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
- CVE-2015-9010 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
- CVE-2015-9011 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
- CVE-2015-9012 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
- CVE-2015-9013 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.
- CVE-2015-9014 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
- CVE-2015-9015 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.
- CVE-2015-9016 | HIGH | CVSS 7.0 | EG 7.0 | 2018-04-05
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Produ…
- CVE-2015-9196 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, MDM9635M, SD 400, and SD 800, improper input validation in tzbsp_ocmem can cause privilege escalation.
- CVE-2016-0327 | HIGH | CVSS 7.8 | EG 7.8 | 2018-01-12
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643.
- CVE-2016-10010 | HIGH | CVSS 7.0 | EG 7.0 | 2017-01-05
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
- CVE-2016-10230 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.
- CVE-2016-10231 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-04
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.
- CVE-2016-10232 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-04
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.
- CVE-2016-10233 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.
- CVE-2016-10298 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.
- CVE-2016-10299 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
- CVE-2016-10451 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/…
- CVE-2016-10457 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, …
- CVE-2016-10730 | HIGH | CVSS 7.8 | EG 7.8 | 2018-10-24
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore d…
- CVE-2016-10886 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-14
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
- CVE-2016-10922 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-22
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
- CVE-2016-10923 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-22
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
- CVE-2016-10929 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-08-22
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
- CVE-2016-10935 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-27
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
- CVE-2016-1579 | MEDIUM | CVSS 6.7 | EG 9.8 | 2019-04-22
UDM provides support for running commands after a download is completed; this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-…
- CVE-2016-2121 | MEDIUM | CVSS 4.0 | EG 5.5 | 2018-10-31
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system…
- CVE-2016-5295 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-11
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access a…
- CVE-2016-6564 | HIGH | CVSS 8.1 | EG 8.1 | 2018-07-13
Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as …
- CVE-2016-7070 | HIGH | CVSS 8.0 | EG 8.0 | 2018-09-11
A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level acc…
- CVE-2016-8482 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-05
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482.
- CVE-2016-8484 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.
- CVE-2016-8487 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724.
- CVE-2016-8488 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.
- CVE-2016-8528 | HIGH | CVSS 8.8 | EG 8.8 | 2018-02-15
A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.
- CVE-2016-8533 | HIGH | CVSS 8.8 | EG 8.8 | 2018-02-15
A remote privilege escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
- CVE-2016-8534 | HIGH | CVSS 8.8 | EG 8.8 | 2018-02-15
A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
- CVE-2016-8629 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-03-12
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal pe…
- CVE-2016-8656 | HIGH | CVSS 7.0 | EG 7.8 | 2018-05-22
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script, which could result in local privilege escalation.
- CVE-2016-8657 | HIGH | CVSS 7.8 | EG 7.8 | 2018-07-31
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /…