CWE-264
485 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-264page 3 of 10
- CVE-2014-10058HIGHCVSS 7.5EG 7.52018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unaut…
- CVE-2014-10070HIGHCVSS 7.8EG 7.82018-02-27
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical condit…
- CVE-2014-1226HIGHCVSS 7.8EG 7.82018-04-06
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.
- CVE-2014-1845HIGHCVSS 7.8EG 7.82018-04-27
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
- CVE-2014-1846HIGHCVSS 7.8EG 7.82018-04-27
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
- CVE-2014-1889MEDIUMCVSS 6.5EG 6.52018-04-10
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
- CVE-2014-1946HIGHCVSS 8.8EG 8.82018-04-10
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.p…
- CVE-2014-2071HIGHCVSS 7.1EG 7.12018-01-08
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain priv…
- CVE-2014-2079MEDIUMCVSS 5.5EG 5.52018-07-16
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
- CVE-2014-2532MEDIUMCVSS 4.2EG 4.92014-03-18
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
- CVE-2014-2552CRITICALCVSS 9.8EG 9.82018-04-27
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
- CVE-2014-3752MEDIUMCVSS 6.7EG 6.72018-02-01
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
- CVE-2014-4919MEDIUMCVSS 5.4EG 5.42018-01-19
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary d…
- CVE-2014-5070HIGHCVSS 8.8EG 8.82018-01-11
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.
- CVE-2014-5443HIGHCVSS 7.8EG 7.82018-03-19
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
- CVE-2014-7272HIGHCVSS 7.8EG 7.82018-03-08
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitati…
- CVE-2014-7862CRITICALCVSS 9.8EG 9.82018-01-04
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
- CVE-2014-8421HIGHCVSS 7.5EG 7.52018-04-12
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh…
- CVE-2014-8540MEDIUMCVSS 6.5EG 6.52018-01-05
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
- CVE-2014-9503MEDIUMCVSS 6.5EG 6.52018-02-01
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax …
- CVE-2014-9953CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.
- CVE-2014-9954CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
- CVE-2014-9955CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
- CVE-2014-9956CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
- CVE-2014-9957CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.
- CVE-2014-9958CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.
- CVE-2014-9959CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.
- CVE-2015-1327LOWCVSS 3.9EG 7.82019-04-22
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious applica…
- CVE-2015-1341HIGHCVSS 7.4EG 7.82019-04-22
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
- CVE-2015-1416HIGHCVSS 7.8EG 7.82018-02-05
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary sh…
- CVE-2015-3965HIGHCVSS 8.8EG 8.82019-03-23
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
- CVE-2015-5600HIGHCVSS 8.1EG 0.02015-08-03
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct bru…
- CVE-2015-6564HIGHCVSS 7.0EG 0.02015-08-24
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedl…
- CVE-2015-7266HIGHCVSS 7.5EG 7.52018-10-30
The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid…
- CVE-2015-7440HIGHCVSS 7.8EG 7.82018-03-15
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 I…
- CVE-2015-7596HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7597HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7598HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7961HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7962HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7963HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7964HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-7965HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability th…
- CVE-2015-7966HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability th…
- CVE-2015-7967HIGHCVSS 7.8EG 7.82018-03-02
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2015-8325HIGHCVSS 7.8EG 7.82016-05-01
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggerin…
- CVE-2015-9008CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
- CVE-2015-9009CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
- CVE-2015-9010CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
- CVE-2015-9011CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
Map vulnerabilities like CWE-264 to your infrastructure
EchelonGraph correlates every CVE — across CWE-264 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →