CVEbaza.plCWE DictionaryCWE-274
Common Weakness Enumeration

CWE-274

Improper Handling of Insufficient Privileges

Category: BaseCVE: 41
Description

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

CVE vulnerabilities with CWE-274 (41)
9.9
CVSS
CRITICAL
CVE-2025-20156

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.

pub. 2025-01-22
9.8
CVSS
CRITICAL
CVE-2025-29365

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.

pub. 2025-08-22
8.9
CVSS
HIGH
CVE-2024-0105

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

pub. 2024-11-01
8.8
CVSS
HIGH
CVE-2020-7264

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.8
CVSS
HIGH
CVE-2020-7265

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.8
CVSS
HIGH
CVE-2020-7266

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.8
CVSS
HIGH
CVE-2020-7267

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.7
CVSS
HIGH
CVE-2024-0106

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

pub. 2024-11-01
8.4
CVSS
HIGH
CVE-2023-35928

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2. Three workarounds are available. Disable app files_external. Change config setting "Allow users to mount external storage" to disabled in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV.

pub. 2023-06-23
8.0
CVSS
HIGH
CVE-2024-21648

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback.

pub. 2024-01-09
7.8
CVSS
HIGH
CVE-2024-46974

Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.

pub. 2025-01-31
7.8
CVSS
HIGH
CVE-2020-24676

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.

pub. 2020-12-22
7.8
CVSS
HIGH
CVE-2020-7285

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7286

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7287

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7288

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7289

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7290

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7291

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.5
CVSS
HIGH
CVE-2023-39375

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges

pub. 2023-09-27
Showing 20 of 41 vulnerabilities
Information
ID: CWE-274
Type: Base
Vulnerabilities: 41
MITRE CWE ↗
← CWE Dictionary