CWE-274
Improper Handling of Insufficient Privileges
Description
The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
CVEs mapped to this weakness (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0105 | | Hig | 0.58 | 8.9 | 0.00 | | Nov 1, 2024 | NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. |
| CVE-2024-0106 | | Hig | 0.57 | 8.7 | 0.00 | | Nov 1, 2024 | NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and… |
| CVE-2024-46974 | — | Hig | 0.51 | 7.8 | 0.00 | | Jan 31, 2025 | Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers. |
| CVE-2018-6674 | | Med | 0.44 | 6.8 | 0.00 | | May 25, 2018 | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges… |
| CVE-2025-54511 | | Med | 0.34 | — | 0.00 | | May 15, 2026 | Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability. |
| CVE-2018-6693 | | Med | 0.34 | 5.3 | 0.00 | | Sep 18, 2018 | An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to… |
| CVE-2017-3912 | | Med | 0.29 | 4.4 | 0.00 | | Sep 18, 2018 | Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. |
| CVE-2026-33005 | | Med | 0.21 | 4.3 | 0.00 | | Apr 9, 2026 | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field.… |
| CVE-2023-20516 | | Low | 0.21 | 3.3 | 0.00 | | Sep 6, 2025 | Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. |
| CVE-2024-41942 | | | 0.00 | — | 0.01 | | Aug 8, 2024 | JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively… |
| CVE-2024-21648 | | | 0.00 | — | 0.01 | | Jan 8, 2024 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched… |
| CVE-2022-23511 | — | | 0.00 | — | 0.00 | | Dec 12, 2022 | A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window… |