CWE-274
Improper Handling of Insufficient Privileges
BaseDraft
Description
The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
Hierarchy (View 1000)
CVEs mapped to this weakness (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-0105 | Hig | 0.58 | 8.9 | 0.00 | Nov 1, 2024 | NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. | |
| CVE-2024-0106 | Hig | 0.57 | 8.7 | 0.00 | Nov 1, 2024 | NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. | |
| CVE-2024-46974 | Hig | 0.51 | 7.8 | 0.00 | Jan 31, 2025 | Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers. | |
| CVE-2025-54511 | Med | 0.34 | — | 0.00 | May 15, 2026 | Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability. | |
| CVE-2026-33005 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2026 | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object. This issue affects Apache OpenMeetings: from 3.10 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue. | |
| CVE-2023-20516 | Low | 0.21 | 3.3 | 0.00 | Sep 6, 2025 | Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. |