CWE-274 (Improper Handling of Insufficient Privileges) — Vulnerability Class 33

33 vulnerabilities classified as CWE-274 (Improper Handling of Insufficient Privileges). AI Chinese analysis included.

CWE-274 represents a critical software weakness where applications fail to properly manage situations involving insufficient system privileges. This flaw typically arises when a program assumes elevated permissions are available or ignores error codes indicating restricted access, leading to unexpected behavior or security breaches. Attackers often exploit this by manipulating the execution environment or injecting malicious inputs that trigger privilege-related failures, potentially allowing unauthorized data access or system compromise. To mitigate this risk, developers must implement robust error handling routines that explicitly check for privilege levels before executing sensitive operations. By validating permissions and gracefully handling denial-of-service scenarios, programmers ensure that applications degrade safely rather than exposing underlying vulnerabilities. This proactive approach prevents attackers from leveraging privilege mismatches to bypass security controls, thereby maintaining the integrity and confidentiality of the software system.

MITRE CWE Description

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

Common Consequences (1)

Scope: Other; Impact: Other, Alter Execution Logic

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-33005 | Apache OpenMeetings: Insufficient checks in FileWebService — Apache OpenMeetings | 4.3 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2023-20516 | AMD Graphics Driver security vulnerability — AMD Instinct™ MI250 | 3.3 | Low | 2025-09-06 |
| CVE-2025-20177 | Cisco IOS XR Software Image Verification Bypass Vulnerability — Cisco IOS XR Software | 6.7 | Medium | 2025-03-12 |
| CVE-2025-20156 | Cisco Meeting Management Client-Server Privilege Escalation Vulnerability — Cisco Meeting Management | 9.9 | Critical | 2025-01-22 |
| CVE-2024-12666 | ClassCMS User Management Page admin insufficient privileges — ClassCMS | 4.7 | Medium | 2024-12-16 |
| CVE-2024-0106 | NVIDIA BlueField security vulnerability — BlueField 1 | 8.7 | High | 2024-11-01 |
| CVE-2024-0105 | NVIDIA ConnectX and NVIDIA BlueField security vulnerability — ConnectX4 | 8.9 | High | 2024-11-01 |
| CVE-2024-41942 | JupyterHub has a privilege escalation vulnerability with the `admin:users` scope — jupyterhub | 7.2 | High | 2024-08-08 |
| CVE-2024-20324 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 5.5 | Medium | 2024-03-27 |
| CVE-2024-21648 | XWiki has no right protection on rollback action — xwiki-platform | 8.0 | High | 2024-01-08 |
| CVE-2023-39375 | SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges — SiberianCMS | 7.5 | High | 2023-09-26 |
| CVE-2023-32494 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.7 | Medium | 2023-08-16 |
| CVE-2023-35928 | Nextcloud user scoped external storage can be used to gather credentials of other users — security-advisories | 8.5 | High | 2023-06-23 |
| CVE-2022-45101 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 7.3 | High | 2023-02-01 |
| CVE-2022-0668 | JFrog Artifactory security vulnerability — JFrog Artifactory | 5.3 | Medium | 2023-01-08 |
| CVE-2022-23511 | Amazon CloudWatch Agent security vulnerability — amazon-cloudwatch-agent | 7.1 | High | 2022-12-12 |
| CVE-2022-25782 | Insufficient privilege checks on object access and updates. — GateManager | 5.4 | Medium | 2022-05-04 |
| CVE-2022-23160 | Dell Technologies Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 5.4 | Medium | 2022-04-12 |
| CVE-2021-35534 | Insufficient Security Control Vulnerability — Relion 670 Series | 7.2 | High | 2021-11-18 |
| CVE-2020-24676 | Insecure Windows Services in Symphony Plus — ABB Ability™ Symphony® Plus Operations | 7.8 | High | 2020-12-22 |
| CVE-2020-7283 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) — McAfee Total Protection (MTP) | 7.5 | High | 2020-07-03 |
| CVE-2020-7290 | Privilege Escalation vulnerability in MAR for Linux — McAfee Active Response (MAR) for Linux | 7.8 | High | 2020-05-08 |
| CVE-2020-7291 | Privilege Escalation vulnerability MAR for Mac — McAfee Active Response (MAR) for Mac | 7.8 | High | 2020-05-08 |
| CVE-2020-7287 | Privilege Escalation vulnerability in EDR for Linux — McAfee Exploit Detection and Response (EDR) for Linux | 7.8 | High | 2020-05-08 |
| CVE-2020-7288 | Privilege Escalation vulnerability in EDR for Mac — McAfee Exploit Detection and Response (EDR) for Mac | 7.8 | High | 2020-05-08 |
| CVE-2020-7289 | Privilege Escalation vulnerability in MAR for Windows — McAfee Active Response (MAR) for Windows | 7.8 | High | 2020-05-08 |
| CVE-2020-7285 | Privilege Escalation vulnerability in MVISION Endpoint — McAfee MVISION Endpoint | 7.8 | High | 2020-05-08 |
| CVE-2020-7286 | Privilege Escalation vulnerability in EDR for Windows — McAfee Exploit Detection and Response (EDR) for Windows | 7.8 | High | 2020-05-08 |
| CVE-2020-7267 | Privilege Escalation vulnerability through symbolic links in VSEL — McAfee VirusScan Enterprise (VSE) for Linux | 8.8 | High | 2020-05-08 |
| CVE-2020-7266 | Privilege Escalation vulnerability through symbolic links in VSE for Windows — McAfee VirusScan Enterprise (VSE) for Windows | 8.8 | High | 2020-05-08 |

Vulnerabilities classified as CWE-274 (Improper Handling of Insufficient Privileges) represent 33 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.