127 vulnerabilities classified as CWE-280 (不充分权限或特权的处理不恰当). AI Chinese analysis included.
CWE-280 represents a critical logic flaw where software fails to adequately manage insufficient permissions or privileges during resource access. This weakness typically arises when applications assume elevated rights are always available, leading to unexpected code paths that may leave the system in an invalid or vulnerable state. Attackers exploit this by manipulating user contexts or environment variables to trigger privilege checks that fail silently or incorrectly, potentially bypassing security controls or causing denial of service. To mitigate this risk, developers must implement robust error handling that explicitly validates access rights before executing sensitive operations. By ensuring the application gracefully degrades or denies access when privileges are lacking, rather than proceeding with incomplete or unsafe actions, teams can prevent unauthorized data exposure and maintain system integrity against privilege-related attacks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-6189 | Improper Permission Handling in M-Files Server — M-Files Server | 4.3 | Medium | 2023-11-22 |
| CVE-2023-43591 | Zoom Rooms 安全漏洞 — Zoom Rooms for macOS | 7.8 | High | 2023-11-14 |
| CVE-2023-43087 | Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS | 4.3 | Medium | 2023-11-02 |
| CVE-2023-32489 | Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS | 6.7 | Medium | 2023-08-16 |
| CVE-2023-2480 | Elevation of Privilege in M-Files Desktop Client — M-Files Client | 7.5 | High | 2023-05-25 |
| CVE-2023-2020 | Unauthorized scheduling of downtimes via REST API — Checkmk | 4.3 | Medium | 2023-04-18 |
| CVE-2023-0181 | NVIDIA GPU Display Driver for Windows 安全漏洞 — vGPU software (guest driver - Windows), vGPU software (guest driver - Linux), vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) | 7.1 | High | 2023-04-01 |
| CVE-2023-28114 | `cilium-cli` disables etcd authorization for clustermesh clusters — cilium-cli | 4.8 | Medium | 2023-03-22 |
| CVE-2023-21421 | SAMSUNG Mobile devices 安全漏洞 — Samsung Mobile Devices | 5.9 | Medium | 2023-02-09 |
| CVE-2022-4863 | Improper Handling of Insufficient Permissions or Privileges in usememos/memos — usememos/memos | 8.1 | - | 2022-12-30 |
| CVE-2022-39912 | SAMSUNG Mobile devices 安全漏洞 — Samsung Mobile Devices | 6.2 | Medium | 2022-12-08 |
| CVE-2022-39885 | SAMSUNG Mobile devices 安全漏洞 — Samsung Mobile Devices | 5.9 | Medium | 2022-11-09 |
| CVE-2022-39886 | SAMSUNG Mobile devices 安全漏洞 — Samsung Mobile Devices | 5.9 | Medium | 2022-11-09 |
| CVE-2022-39872 | SAMSUNG Mobile devices 安全漏洞 — ShareLive | 5.9 | Medium | 2022-10-07 |
| CVE-2022-36874 | SAMSUNG Mobile devices 安全漏洞 — Waterplugin | 5.9 | Medium | 2022-09-09 |
| CVE-2022-34368 | Dell EMC NetWorker 安全漏洞 — NetWorker Management Console | 6.1 | Medium | 2022-08-30 |
| CVE-2022-2193 | HYPR Server 安全漏洞 — HYPR Server | 7.5 | High | 2022-07-19 |
| CVE-2022-30727 | Samsung mobile 安全漏洞 — Samsung Mobile Devices | 6.2 | Medium | 2022-06-07 |
| CVE-2022-30725 | Samsung mobile 安全漏洞 — Samsung Mobile Devices | 4.0 | Medium | 2022-06-07 |
| CVE-2022-30724 | Samsung mobile 安全漏洞 — Samsung Mobile Devices | 4.0 | Medium | 2022-06-07 |
| CVE-2022-30723 | Samsung mobile Bluetooth 安全漏洞 — Samsung Mobile Devices | 4.0 | Medium | 2022-06-07 |
| CVE-2022-30716 | Samsung mobile 安全漏洞 — Samsung Mobile Devices | 4.0 | Medium | 2022-06-07 |
| CVE-2021-37851 | Local Privilege Escalation in ESET product for Windows — ESET NOD32 Antivirus | 7.3 | High | 2022-05-11 |
| CVE-2022-27167 | Arbitrary File Deletion in ESET products for Windows — ESET NOD32 Antivirus | 7.1 | High | 2022-05-10 |
| CVE-2022-22292 | Samsung Telecom 安全漏洞 — Samsung Mobile Devices | 7.1 | High | 2022-02-11 |
| CVE-2022-21814 | Nvidia GPU Display Driver for Linux 安全漏洞 — NVIDIA GPU Display Driver | 6.1 | Medium | 2022-02-07 |
| CVE-2021-37175 | Siemens RUGGEDCOM 授权问题漏洞 — RUGGEDCOM ROX MX5000 | 7.5 | - | 2021-09-14 |
| CVE-2020-10072 | Improper Handling of Insufficient Permissions or Privileges in zephyr — zephyr | 5.9 | Medium | 2021-05-24 |
| CVE-2020-29031 | Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation — GateManager | 7.1 | High | 2021-02-15 |
| CVE-2020-26195 | DELL EMC PowerScale 安全漏洞 — PowerScale OneFS | 5.3 | Medium | 2021-02-09 |
Vulnerabilities classified as CWE-280 (不充分权限或特权的处理不恰当) represent 127 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.