CWE-264: Permissions, Privileges, and Access Controls

Category: authz

Description

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

References

  1. https://cwe.mitre.org/data/definitions/264.html

Compliance frameworks addressing this (incoming): 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | dora-art5 | 100% | live |
| ComplianceControl | dora-art8 | 100% | live |
| ComplianceControl | iso27001-a.8.9 | 100% | live |

(incoming): 33

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-5321 (cve-2025-5321) | 0% | live |
| Vulnerability | CVE-2026-20046 (cve-2026-20046) | 0% | live |
| KEVEntry | Oracle VirtualBox Insufficient Input Validation Vulnerability (kev-cve-2008-3431) | 0% | live |
| KEVEntry | Microsoft Windows Kernel Exception Handler Vulnerability (kev-cve-2010-0232) | 0% | live |
| KEVEntry | Red Hat JBoss Authentication Bypass Vulnerability (kev-cve-2010-0738) | 0% | live |
| KEVEntry | Red Hat JBoss Information Disclosure Vulnerability (kev-cve-2010-1428) | 0% | live |
| KEVEntry | Exim Privilege Escalation Vulnerability (kev-cve-2010-4345) | 0% | live |
| KEVEntry | Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability (kev-cve-2011-2005) | 0% | live |
| KEVEntry | Oracle JRE Remote Code Execution Vulnerability (kev-cve-2013-0422) | 0% | live |
| KEVEntry | Adobe ColdFusion Directory Traversal Vulnerability (kev-cve-2013-0629) | 0% | live |
| KEVEntry | Adobe Flash Player Incorrect Default Permissions Vulnerability (kev-cve-2013-0643) | 0% | live |
| KEVEntry | IBM InfoSphere BigInsights Invalid Input Vulnerability (kev-cve-2013-3993) | 0% | live |
| KEVEntry | Microsoft Internet Explorer Privilege Escalation Vulnerability (kev-cve-2014-2817) | 0% | live |
| KEVEntry | Microsoft IME Japanese Privilege Escalation Vulnerability (kev-cve-2014-4077) | 0% | live |
| KEVEntry | Microsoft Win32k Privilege Escalation Vulnerability (kev-cve-2014-4113) | 0% | live |
| KEVEntry | Microsoft Internet Explorer Privilege Escalation Vulnerability (kev-cve-2014-4123) | 0% | live |
| KEVEntry | Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability (kev-cve-2014-6324) | 0% | live |
| KEVEntry | Microsoft Internet Explorer ASLR Bypass Vulnerability (kev-cve-2015-0071) | 0% | live |
| KEVEntry | Adobe Flash Player ASLR Bypass Vulnerability (kev-cve-2015-0310) | 0% | live |
| KEVEntry | Microsoft Win32k Privilege Escalation Vulnerability (kev-cve-2015-1701) | 0% | live |
| KEVEntry | Microsoft Windows Mount Manager Privilege Escalation Vulnerability (kev-cve-2015-1769) | 0% | live |
| KEVEntry | Microsoft ATM Font Driver Privilege Escalation Vulnerability (kev-cve-2015-2387) | 0% | live |
| KEVEntry | Microsoft Windows Kernel Privilege Escalation Vulnerability (kev-cve-2015-6175) | 0% | live |
| KEVEntry | Microsoft Windows Kernel Privilege Escalation Vulnerability (kev-cve-2016-0040) | 0% | live |
| KEVEntry | Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability (kev-cve-2016-0099) | 0% | live |
| KEVEntry | Microsoft Windows CSRSS Security Feature Bypass Vulnerability (kev-cve-2016-0151) | 0% | live |
| KEVEntry | Microsoft Win32k Privilege Escalation Vulnerability (kev-cve-2016-0165) | 0% | live |
| KEVEntry | Microsoft Win32k Privilege Escalation Vulnerability (kev-cve-2016-0167) | 0% | live |
| KEVEntry | Microsoft Office OLE DLL Side Loading Vulnerability (kev-cve-2016-3235) | 0% | live |
| KEVEntry | Microsoft Windows Kernel Privilege Escalation Vulnerability (kev-cve-2016-3309) | 0% | live |

Showing top 30 of 33 by confidence.

Related by meaning: 6

Nearest entities by semantic similarity across the cs-graph corpus.

| Type | Name |
|---|---|
| CAPEC | Privilege Abuse |
| CWE | Privilege Chaining |
| CWE | Privilege Defined With Unsafe Actions |
| CWE | Incorrect Execution-Assigned Permissions |
| CWE | Incorrect Privilege Assignment |
| CWE | Improper Access Control |

Sourced from MITRE CWE 2024. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.