VYPR

CWE-274

Improper Handling of Insufficient Privileges

BaseDraft

Description

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (12)

  • CVE-2024-0105HigNov 1, 2024
    risk 0.58cvss 8.9epss 0.00

    NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

  • CVE-2024-0106HigNov 1, 2024
    risk 0.57cvss 8.7epss 0.00

    NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and…

  • CVE-2024-46974HigJan 31, 2025
    risk 0.51cvss 7.8epss 0.00

    Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.

  • CVE-2018-6674MedMay 25, 2018
    risk 0.44cvss 6.8epss 0.00

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges…

  • CVE-2025-54511MedMay 15, 2026
    risk 0.34cvss epss 0.00

    Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.

  • CVE-2018-6693MedSep 18, 2018
    risk 0.34cvss 5.3epss 0.00

    An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to…

  • CVE-2017-3912MedSep 18, 2018
    risk 0.29cvss 4.4epss 0.00

    Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

  • CVE-2026-33005MedApr 9, 2026
    risk 0.21cvss 4.3epss 0.00

    Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field.…

  • CVE-2023-20516LowSep 6, 2025
    risk 0.21cvss 3.3epss 0.00

    Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.

  • CVE-2024-41942Aug 8, 2024
    risk 0.00cvss epss 0.01

    JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively…

  • CVE-2024-21648Jan 8, 2024
    risk 0.00cvss epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched…

  • CVE-2022-23511Dec 12, 2022
    risk 0.00cvss epss 0.00

    A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window…