CWE-264
485 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-264page 4 of 10
- CVE-2015-9012CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
- CVE-2015-9013CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.
- CVE-2015-9014CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
- CVE-2015-9015HIGHCVSS 7.8EG 7.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.
- CVE-2015-9016HIGHCVSS 7.0EG 7.02018-04-05
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Produ…
- CVE-2015-9196CRITICALCVSS 9.8EG 9.82018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, MDM9635M, SD 400, and SD 800, improper input validation in tzbsp_ocmem can cause privilege escalation.
- CVE-2016-0327HIGHCVSS 7.8EG 7.82018-01-12
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643.
- CVE-2016-10010HIGHCVSS 7.0EG 7.02017-01-05
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
- CVE-2016-10230CRITICALCVSS 9.8EG 9.82018-04-04
A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.
- CVE-2016-10231HIGHCVSS 7.8EG 7.82018-04-04
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.
- CVE-2016-10232HIGHCVSS 7.8EG 7.82018-04-04
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.
- CVE-2016-10233CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.
- CVE-2016-10298CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.
- CVE-2016-10299CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
- CVE-2016-10451HIGHCVSS 7.8EG 7.82018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/…
- CVE-2016-10457CRITICALCVSS 9.8EG 9.82018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, …
- CVE-2016-10730HIGHCVSS 7.8EG 7.82018-10-24
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore d…
- CVE-2016-10886CRITICALCVSS 9.8EG 9.82019-08-14
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
- CVE-2016-10922CRITICALCVSS 9.8EG 9.82019-08-22
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
- CVE-2016-10923CRITICALCVSS 9.8EG 9.82019-08-22
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
- CVE-2016-10929MEDIUMCVSS 5.3EG 5.32019-08-22
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
- CVE-2016-10935CRITICALCVSS 9.8EG 9.82019-08-27
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
- CVE-2016-1579MEDIUMCVSS 6.7EG 9.82019-04-22
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-…
- CVE-2016-2121MEDIUMCVSS 4.0EG 5.52018-10-31
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system…
- CVE-2016-5295HIGHCVSS 7.8EG 7.82018-06-11
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access a…
- CVE-2016-6564HIGHCVSS 8.1EG 8.12018-07-13
Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as …
- CVE-2016-7070HIGHCVSS 8.0EG 8.02018-09-11
A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level acc…
- CVE-2016-8482HIGHCVSS 7.8EG 7.82018-04-05
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482.
- CVE-2016-8484CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.
- CVE-2016-8487CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724.
- CVE-2016-8488CRITICALCVSS 9.8EG 9.82018-04-04
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.
- CVE-2016-8528HIGHCVSS 8.8EG 8.82018-02-15
A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.
- CVE-2016-8533HIGHCVSS 8.8EG 8.82018-02-15
A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
- CVE-2016-8534HIGHCVSS 8.8EG 8.82018-02-15
A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
- CVE-2016-8629MEDIUMCVSS 6.5EG 6.52018-03-12
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal pe…
- CVE-2016-8656HIGHCVSS 7.0EG 7.82018-05-22
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.
- CVE-2016-8657HIGHCVSS 7.8EG 7.82018-07-31
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /…
- CVE-2016-8742HIGHCVSS 7.8EG 7.82018-02-12
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any …
- CVE-2016-9070HIGHCVSS 8.0EG 8.02018-06-11
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.
- CVE-2016-9073HIGHCVSS 7.5EG 7.52018-06-11
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
- CVE-2016-9075CRITICALCVSS 9.8EG 9.82018-06-11
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user …
- CVE-2016-9166HIGHCVSS 7.5EG 7.52019-03-21
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
- CVE-2016-9366CRITICALCVSS 9.8EG 9.82017-02-13
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPo…
- CVE-2016-9485HIGHCVSS 7.8EG 7.82018-07-13
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows ser…
- CVE-2016-9486HIGHCVSS 7.8EG 7.82018-07-13
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows ser…
- CVE-2016-9489HIGHCVSS 8.8EG 8.82018-07-13
In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is als…
- CVE-2017-18376HIGHCVSS 8.8EG 8.82019-06-02
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/Use…
- CVE-2017-18383HIGHCVSS 7.8EG 7.82019-08-02
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
- CVE-2017-18399LOWCVSS 3.7EG 3.72019-08-02
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
- CVE-2017-18413HIGHCVSS 7.8EG 7.82019-08-02
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).
Map vulnerabilities like CWE-264 to your infrastructure
EchelonGraph correlates every CVE — across CWE-264 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →