CWE-264
395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-264 (page 4 of 8)
- CVE-2018-13801 | HIGH | CVSS 8.8 | EG 8.8 | 2018-10-10
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privi…
- CVE-2018-13802 | HIGH | CVSS 7.2 | EG 7.2 | 2018-10-10
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Su…
- CVE-2018-15370 | MEDIUM | CVSS 6.8 | EG 6.8 | 2018-10-05
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an aff…
- CVE-2018-5468 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-03-26
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code
- CVE-2018-5472 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-03-26
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary c…
- CVE-2018-6674 | MEDIUM | CVSS 6.8 | EG 3.9 | 2018-05-25
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator gr…
- CVE-2018-7500 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-03-14
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
- CVE-2018-7505 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP applicat…
- CVE-2019-0121 | HIGH | CVSS 7.8 | EG 7.8 | 2019-03-14
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-0128 | HIGH | CVSS 7.8 | EG 7.8 | 2019-06-13
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.
- CVE-2019-0129 | HIGH | CVSS 7.8 | EG 7.8 | 2019-03-14
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-0135 | HIGH | CVSS 7.8 | EG 7.8 | 2019-03-14
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206
- CVE-2019-0164 | HIGH | CVSS 7.3 | EG 7.3 | 2019-06-13
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-0730 | HIGH | CVSS 7.8 | EG 7.8 | 2019-04-09
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-080…
- CVE-2019-0731 | HIGH | CVSS 7.8 | EG 7.8 | 2019-04-09
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-080…
- CVE-2019-0796 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-04-09
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-080…
- CVE-2019-10132 | HIGH | CVSS 8.8 | EG 8.8 | 2019-05-22
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd…
- CVE-2019-10709 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-09-04
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
- CVE-2019-10885 | HIGH | CVSS 7.8 | EG 7.8 | 2019-04-05
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resett…
- CVE-2019-11245 | MEDIUM | CVSS 4.9 | EG 4.9 | 2019-08-29
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: tr…
- CVE-2019-11771 | HIGH | CVSS 7.8 | EG 7.8 | 2019-07-17
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
- CVE-2019-11773 | HIGH | CVSS 7.8 | EG 7.8 | 2019-09-12
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
- CVE-2019-12634 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-21
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a de…
- CVE-2019-12808 | HIGH | CVSS 7.8 | EG 7.8 | 2019-08-13
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execut…
- CVE-2019-13013 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-08-23
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings a…
- CVE-2019-13014 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-08-23
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulne…
- CVE-2019-13125 | HIGH | CVSS 7.8 | EG 7.8 | 2019-07-01
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.
- CVE-2019-14257 | HIGH | CVSS 7.8 | EG 7.8 | 2019-08-21
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
- CVE-2019-14879 | MEDIUM | CVSS 5.4 | EG 5.4 | 2020-01-07
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
- CVE-2019-15272 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-10-02
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. T…
- CVE-2019-15275 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-10-16
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validatio…
- CVE-2019-15277 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-10-16
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker…
- CVE-2019-1591 | HIGH | CVSS 7.8 | EG 7.8 | 2019-03-06
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insuf…
- CVE-2019-1592 | HIGH | CVSS 7.8 | EG 7.8 | 2019-05-03
A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affe…
- CVE-2019-1593 | HIGH | CVSS 7.8 | EG 7.8 | 2019-03-06
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate w…
- CVE-2019-1594 | HIGH | CVSS 7.4 | EG 7.4 | 2019-03-06
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input valida…
- CVE-2019-1596 | HIGH | CVSS 7.8 | EG 7.8 | 2019-03-07
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability…
- CVE-2019-15960 | MEDIUM | CVSS 5.4 | EG 5.4 | 2019-11-26
A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be …
- CVE-2019-15996 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-11-26
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restricti…
- CVE-2019-1600 | MEDIUM | CVSS 4.4 | EG 4.4 | 2019-03-07
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulner…
- CVE-2019-16017 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-09-23
A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Referenc…
- CVE-2019-1602 | HIGH | CVSS 7.8 | EG 7.8 | 2019-03-08
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improp…
- CVE-2019-1620 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permis…
- CVE-2019-1621 | HIGH | CVSS 7.5 | EG 7.5 | 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrec…
- CVE-2019-1625 | HIGH | CVSS 7.8 | EG 7.8 | 2019-06-20
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. …
- CVE-2019-1626 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-20
A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly au…
- CVE-2019-1646 | HIGH | CVSS 7.8 | EG 7.8 | 2019-01-24
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized …
- CVE-2019-1648 | HIGH | CVSS 7.8 | EG 7.8 | 2019-01-24
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain…
- CVE-2019-1660 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-02-07
A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due t…
- CVE-2019-1682 | HIGH | CVSS 7.8 | EG 7.8 | 2019-05-03
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerabilit…