CWE-264
485 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-264page 5 of 10
- CVE-2017-18450MEDIUMCVSS 4.5EG 4.52019-08-02
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).
- CVE-2017-18451MEDIUMCVSS 5.3EG 5.32019-08-02
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).
- CVE-2017-18455LOWCVSS 2.7EG 2.72019-08-02
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
- CVE-2017-18584HIGHCVSS 7.5EG 7.52019-08-22
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.
- CVE-2017-8228HIGHCVSS 8.8EG 8.82019-07-03
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that…
- CVE-2017-8230HIGHCVSS 8.8EG 8.82019-07-03
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" gro…
- CVE-2017-9711MEDIUMCVSS 6.7EG 6.72024-11-22
Certain unprivileged processes are able to perform IOCTL calls.
- CVE-2018-0089HIGHCVSS 7.5EG 7.52018-01-18
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconn…
- CVE-2018-0092HIGHCVSS 7.1EG 7.12018-01-18
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete …
- CVE-2018-0095HIGHCVSS 7.8EG 7.82018-01-18
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain ro…
- CVE-2018-0096MEDIUMCVSS 5.9EG 5.92018-01-18
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify anothe…
- CVE-2018-0130CRITICALCVSS 9.8EG 9.82018-02-22
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerabil…
- CVE-2018-0152HIGHCVSS 8.8EG 8.82018-03-28
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does …
- CVE-2018-0169HIGHCVSS 7.8EG 7.82018-03-28
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the …
- CVE-2018-0176HIGHCVSS 7.8EG 7.82018-03-28
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the …
- CVE-2018-0183MEDIUMCVSS 6.7EG 6.72018-03-28
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. T…
- CVE-2018-0184MEDIUMCVSS 6.7EG 6.72018-03-28
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. T…
- CVE-2018-0213HIGHCVSS 8.8EG 8.82018-03-08
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An att…
- CVE-2018-0284MEDIUMCVSS 6.5EG 6.52018-11-08
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requ…
- CVE-2018-0293HIGHCVSS 8.8EG 8.82018-06-20
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess v…
- CVE-2018-0294MEDIUMCVSS 6.7EG 6.72018-06-20
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists bec…
- CVE-2018-0317HIGHCVSS 8.8EG 8.82018-06-07
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An …
- CVE-2018-0322HIGHCVSS 8.8EG 8.82018-06-07
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vu…
- CVE-2018-0330HIGHCVSS 8.8EG 8.82018-06-20
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerab…
- CVE-2018-0336HIGHCVSS 8.8EG 8.82018-06-07
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authoriza…
- CVE-2018-0352MEDIUMCVSS 6.7EG 6.72018-06-07
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user creden…
- CVE-2018-0398CRITICALCVSS 9.8EG 9.82018-07-18
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.
- CVE-2018-0399CRITICALCVSS 9.8EG 9.82018-07-18
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.
- CVE-2018-0417HIGHCVSS 7.8EG 7.82018-10-17
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. T…
- CVE-2018-0432HIGHCVSS 8.8EG 8.82018-10-05
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain…
- CVE-2018-0437HIGHCVSS 7.8EG 7.82018-10-05
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user c…
- CVE-2018-0440HIGHCVSS 7.2EG 7.22018-10-05
A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to…
- CVE-2018-0453HIGHCVSS 8.2EG 8.22018-10-05
A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with…
- CVE-2018-0463HIGHCVSS 7.5EG 7.52018-10-05
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affecte…
- CVE-2018-10239MEDIUMCVSS 6.7EG 6.72019-06-17
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions w…
- CVE-2018-11461MEDIUMCVSS 6.6EG 6.62018-12-12
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 …
- CVE-2018-11462CRITICALCVSS 9.8EG 9.82018-12-12
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 …
- CVE-2018-13801HIGHCVSS 8.8EG 8.82018-10-10
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privi…
- CVE-2018-13802HIGHCVSS 7.2EG 7.22018-10-10
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Su…
- CVE-2018-15370MEDIUMCVSS 6.8EG 6.82018-10-05
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an aff…
- CVE-2018-5468CRITICALCVSS 9.8EG 9.82018-03-26
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code
- CVE-2018-5472CRITICALCVSS 9.8EG 9.82018-03-26
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary c…
- CVE-2018-6674MEDIUMCVSS 6.8EG 3.92018-05-25
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator gr…
- CVE-2018-7500CRITICALCVSS 9.8EG 9.82018-03-14
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
- CVE-2018-7505CRITICALCVSS 9.8EG 9.82018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP applicat…
- CVE-2019-0121HIGHCVSS 7.8EG 7.82019-03-14
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-0128HIGHCVSS 7.8EG 7.82019-06-13
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.
- CVE-2019-0129HIGHCVSS 7.8EG 7.82019-03-14
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-0135HIGHCVSS 7.8EG 7.82019-03-14
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206
- CVE-2019-0164HIGHCVSS 7.3EG 7.32019-06-13
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
Map vulnerabilities like CWE-264 to your infrastructure
EchelonGraph correlates every CVE — across CWE-264 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →