CWE-264
485 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-264page 6 of 10
- CVE-2019-0730HIGHCVSS 7.8EG 7.82019-04-09
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-080…
- CVE-2019-0731HIGHCVSS 7.8EG 7.82019-04-09
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-080…
- CVE-2019-0796MEDIUMCVSS 5.5EG 5.52019-04-09
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-080…
- CVE-2019-10132HIGHCVSS 8.8EG 8.82019-05-22
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd…
- CVE-2019-10709CRITICALCVSS 9.8EG 9.82019-09-04
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
- CVE-2019-10885HIGHCVSS 7.8EG 7.82019-04-05
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resett…
- CVE-2019-11245MEDIUMCVSS 4.9EG 4.92019-08-29
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: tr…
- CVE-2019-11771HIGHCVSS 7.8EG 7.82019-07-17
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
- CVE-2019-11773HIGHCVSS 7.8EG 7.82019-09-12
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
- CVE-2019-12634HIGHCVSS 7.5EG 7.52019-08-21
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a de…
- CVE-2019-12808HIGHCVSS 7.8EG 7.82019-08-13
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execut…
- CVE-2019-13013MEDIUMCVSS 5.5EG 5.52019-08-23
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings a…
- CVE-2019-13014MEDIUMCVSS 5.5EG 5.52019-08-23
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulne…
- CVE-2019-13125HIGHCVSS 7.8EG 7.82019-07-01
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.
- CVE-2019-14257HIGHCVSS 7.8EG 7.82019-08-21
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
- CVE-2019-14879MEDIUMCVSS 5.4EG 5.42020-01-07
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
- CVE-2019-15272MEDIUMCVSS 6.5EG 6.52019-10-02
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. T…
- CVE-2019-15275MEDIUMCVSS 6.7EG 6.72019-10-16
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validatio…
- CVE-2019-15277MEDIUMCVSS 6.7EG 6.72019-10-16
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker…
- CVE-2019-1591HIGHCVSS 7.8EG 7.82019-03-06
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insuf…
- CVE-2019-1592HIGHCVSS 7.8EG 7.82019-05-03
A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affe…
- CVE-2019-1593HIGHCVSS 7.8EG 7.82019-03-06
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate w…
- CVE-2019-1594HIGHCVSS 7.4EG 7.42019-03-06
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input valida…
- CVE-2019-1596HIGHCVSS 7.8EG 7.82019-03-07
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability…
- CVE-2019-15960MEDIUMCVSS 5.4EG 5.42019-11-26
A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be …
- CVE-2019-15996MEDIUMCVSS 6.7EG 6.72019-11-26
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restricti…
- CVE-2019-1600MEDIUMCVSS 4.4EG 4.42019-03-07
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulner…
- CVE-2019-16017MEDIUMCVSS 6.8EG 6.82020-09-23
A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Referenc…
- CVE-2019-1602HIGHCVSS 7.8EG 7.82019-03-08
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improp…
- CVE-2019-1620CRITICALCVSS 9.8EG 9.82019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permis…
- CVE-2019-1621HIGHCVSS 7.5EG 7.52019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrec…
- CVE-2019-1625HIGHCVSS 7.8EG 7.82019-06-20
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. …
- CVE-2019-1626HIGHCVSS 8.8EG 8.82019-06-20
A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly au…
- CVE-2019-1646HIGHCVSS 7.8EG 7.82019-01-24
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized …
- CVE-2019-1648HIGHCVSS 7.8EG 7.82019-01-24
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain…
- CVE-2019-1660MEDIUMCVSS 5.3EG 5.32019-02-07
A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due t…
- CVE-2019-1682HIGHCVSS 7.8EG 7.82019-05-03
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerabilit…
- CVE-2019-1723CRITICALCVSS 9.8EG 9.82019-03-13
A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have adminis…
- CVE-2019-1727MEDIUMCVSS 6.7EG 6.72019-05-15
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is…
- CVE-2019-1730MEDIUMCVSS 6.7EG 6.72019-05-15
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network…
- CVE-2019-17322MEDIUMCVSS 6.5EG 6.52019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User inte…
- CVE-2019-17326MEDIUMCVSS 6.5EG 6.52019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the targe…
- CVE-2019-1803MEDIUMCVSS 6.7EG 6.72019-05-03
A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges a…
- CVE-2019-1855HIGHCVSS 7.3EG 7.32019-07-04
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need…
- CVE-2019-1889HIGHCVSS 7.2EG 7.22019-07-04
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vu…
- CVE-2019-18945HIGHCVSS 7.3EG 7.32021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
- CVE-2019-1906MEDIUMCVSS 6.5EG 6.52019-06-20
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to…
- CVE-2019-19100HIGHCVSS 7.5EG 7.52020-04-29
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an…
- CVE-2019-19106CRITICALCVSS 9.1EG 9.12020-04-22
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application …
- CVE-2019-19107MEDIUMCVSS 6.2EG 6.22020-04-22
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
Map vulnerabilities like CWE-264 to your infrastructure
EchelonGraph correlates every CVE — across CWE-264 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →