CWE-264
395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-264 (page 3 of 8)
- CVE-2016-8742 | HIGH | CVSS 7.8 | EG 7.8 | 2018-02-12
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any …
- CVE-2016-9070 | HIGH | CVSS 8.0 | EG 8.0 | 2018-06-11
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.
- CVE-2016-9073 | HIGH | CVSS 7.5 | EG 7.5 | 2018-06-11
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
- CVE-2016-9075 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-06-11
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user …
- CVE-2016-9166 | HIGH | CVSS 7.5 | EG 7.5 | 2019-03-21
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
- CVE-2016-9366 | CRITICAL | CVSS 9.8 | EG 9.8 | 2017-02-13
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPo…
- CVE-2016-9485 | HIGH | CVSS 7.8 | EG 7.8 | 2018-07-13
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows ser…
- CVE-2016-9486 | HIGH | CVSS 7.8 | EG 7.8 | 2018-07-13
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows ser…
- CVE-2016-9489 | HIGH | CVSS 8.8 | EG 8.8 | 2018-07-13
In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is als…
- CVE-2017-18376 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-02
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/Use…
- CVE-2017-18383 | HIGH | CVSS 7.8 | EG 7.8 | 2019-08-02
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
- CVE-2017-18399 | LOW | CVSS 3.7 | EG 3.7 | 2019-08-02
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
- CVE-2017-18413 | HIGH | CVSS 7.8 | EG 7.8 | 2019-08-02
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).
- CVE-2017-18450 | MEDIUM | CVSS 4.5 | EG 4.5 | 2019-08-02
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).
- CVE-2017-18451 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-08-02
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).
- CVE-2017-18455 | LOW | CVSS 2.7 | EG 2.7 | 2019-08-02
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
- CVE-2017-18584 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-22
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settings action.
- CVE-2017-8228 | HIGH | CVSS 8.8 | EG 8.8 | 2019-07-03
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that…
- CVE-2017-8230 | HIGH | CVSS 8.8 | EG 8.8 | 2019-07-03
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" gro…
- CVE-2017-9711 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-11-22
Certain unprivileged processes are able to perform IOCTL calls.
- CVE-2018-0089 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-18
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconn…
- CVE-2018-0092 | HIGH | CVSS 7.1 | EG 7.1 | 2018-01-18
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete …
- CVE-2018-0095 | HIGH | CVSS 7.8 | EG 7.8 | 2018-01-18
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain ro…
- CVE-2018-0096 | MEDIUM | CVSS 5.9 | EG 5.9 | 2018-01-18
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify anothe…
- CVE-2018-0130 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-02-22
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerabil…
- CVE-2018-0152 | HIGH | CVSS 8.8 | EG 8.8 | 2018-03-28
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does …
- CVE-2018-0169 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-28
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the …
- CVE-2018-0176 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-28
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the …
- CVE-2018-0183 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-03-28
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. T…
- CVE-2018-0184 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-03-28
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. T…
- CVE-2018-0213 | HIGH | CVSS 8.8 | EG 8.8 | 2018-03-08
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An att…
- CVE-2018-0284 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-11-08
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requ…
- CVE-2018-0293 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-20
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess v…
- CVE-2018-0294 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-06-20
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists bec…
- CVE-2018-0317 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-07
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An …
- CVE-2018-0322 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-07
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vu…
- CVE-2018-0330 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-20
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerab…
- CVE-2018-0336 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-07
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authoriza…
- CVE-2018-0352 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-06-07
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user creden…
- CVE-2018-0398 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-07-18
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.
- CVE-2018-0399 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-07-18
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.
- CVE-2018-0417 | HIGH | CVSS 7.8 | EG 7.8 | 2018-10-17
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. T…
- CVE-2018-0432 | HIGH | CVSS 8.8 | EG 8.8 | 2018-10-05
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain…
- CVE-2018-0437 | HIGH | CVSS 7.8 | EG 7.8 | 2018-10-05
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user c…
- CVE-2018-0440 | HIGH | CVSS 7.2 | EG 7.2 | 2018-10-05
A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to…
- CVE-2018-0453 | HIGH | CVSS 8.2 | EG 8.2 | 2018-10-05
A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with…
- CVE-2018-0463 | HIGH | CVSS 7.5 | EG 7.5 | 2018-10-05
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affecte…
- CVE-2018-10239 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-06-17
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions w…
- CVE-2018-11461 | MEDIUM | CVSS 6.6 | EG 6.6 | 2018-12-12
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 …
- CVE-2018-11462 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-12-12
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 …