CVEbaza.plSłownik CWECWE-274
Common Weakness Enumeration

CWE-274

Improper Handling of Insufficient Privileges

Kategoria: BaseCVE: 41
Opis

Produkt nie obsługuje lub nieprawidłowo obsługuje sytuacje, w których nie posiada wystarczających uprawnień do wykonania operacji, co prowadzi do powstania innych słabości bezpieczeństwa. Może to skutkować nieoczekiwanym zachowaniem systemu lub ujawnieniem poufnych informacji.

Description (EN)

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

Podatności CVE z CWE-274 (41)
9.9
CVSS
CRITICAL
CVE-2025-20156

Podatność w REST API produktu Cisco Meeting Management umożliwia uwierzytelnionemu zdalnemu atakującemu z niskimi uprawnieniami uzyskanie pełnych uprawnień administratora. Ocena CVSS 9.9 (Critical) wskazuje na wyjątkowo wysokie ryzyko dla środowisk korzystających z tego rozwiązania.

pub. 2025-01-22
9.8
CVSS
CRITICAL
CVE-2025-29365

Symulator MIPS SPIM (spimsimulator) w wersji 9.1.24 i wcześniejszych zawiera krytyczną podatność typu buffer overflow w funkcji READ_STRING_SYSCALL. Umożliwia ona atakującemu zdalne wykonanie kodu lub przejęcie kontroli nad procesem bez żadnego uwierzytelnienia.

pub. 2025-08-22
8.9
CVSS
HIGH
CVE-2024-0105

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

pub. 2024-11-01
8.8
CVSS
HIGH
CVE-2020-7264

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.8
CVSS
HIGH
CVE-2020-7265

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.8
CVSS
HIGH
CVE-2020-7266

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.8
CVSS
HIGH
CVE-2020-7267

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

pub. 2020-05-08
8.7
CVSS
HIGH
CVE-2024-0106

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

pub. 2024-11-01
8.4
CVSS
HIGH
CVE-2023-35928

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2. Three workarounds are available. Disable app files_external. Change config setting "Allow users to mount external storage" to disabled in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV.

pub. 2023-06-23
8.0
CVSS
HIGH
CVE-2024-21648

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback.

pub. 2024-01-09
7.8
CVSS
HIGH
CVE-2024-46974

Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.

pub. 2025-01-31
7.8
CVSS
HIGH
CVE-2020-24676

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.

pub. 2020-12-22
7.8
CVSS
HIGH
CVE-2020-7285

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7286

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7287

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7288

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7289

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7290

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.8
CVSS
HIGH
CVE-2020-7291

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

pub. 2020-05-08
7.5
CVSS
HIGH
CVE-2023-39375

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges

pub. 2023-09-27
Pokazano 20 z 41 podatności
Informacje
ID: CWE-274
Typ: Base
Podatności: 41
MITRE CWE ↗
← Słownik CWE