Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-280

CWE-280

Improper Handling of Insufficient Permissions or Privileges

Parent: CWE-755 - Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

144 vulnerabilities with CWE-280

CVE-2023-42931 HIGH

macOS < Ventura 13.6.3 - Privilege Escalation

CVE-2023-41972 HIGH

Win ZApp <4.3.0.121 - Info Disclosure

CVE-2023-39249 MEDIUM

Dell SupportAssist for Business PCs 3.4.0 - Local Privilege Escalation via Run as Admin Feature

CVE-2023-25543 HIGH

Dell Power Manager < 3.14 - Privilege Escalation via DPM Service

CVE-2023-6189 MEDIUM

M-Files <23.11.13156.0 - Privilege Escalation

CVE-2023-43591 HIGH

Zoom Rooms for macOS <5.16.0 - Privilege Escalation

CVE-2023-43087 MEDIUM

Dell PowerScale OneFS <9.5.0 - Info Disclosure

CVE-2023-32489 MEDIUM

Dell PowerScale OneFS 9.2.1.0-9.2.1.21 and 9.5.0.0-9.5.0.2 - Privilege Escalation via Mode Protection Bypass

CVE-2023-2480 HIGH

M-Files < 23.5.12598.0 - Privilege Escalation via UI Extension Applications

CVE-2023-2020 MEDIUM

Checkmk <= 2.1.0p27 and <= 2.2.0b4 - Unauthorized Downtime Scheduling via REST API

CVE-2023-0181 HIGH

NVIDIA GPU Display Driver - Memory Corruption

CVE-2023-28114 MEDIUM

cilium-cli < 0.13.2 - Permission Enforcement Removal via Incorrect Mount Point

CVE-2023-27087 HIGH

xxl-job 2.2.0-2.3.1 - Unauthenticated Sensitive Information Exposure via pageList Parameter

CVE-2023-21421 MEDIUM

Samsung Android KnoxCustomManagerService - Improper Privilege Management

CVE-2023-22737 MEDIUM

wire-server < 2022-12-09 - Unauthenticated Bot Removal via Missing Permissions Check

CVE-2022-4863 MEDIUM

GitHub usememos/memos <0.9.1 - Info Disclosure

CVE-2022-39912 MEDIUM

Android < 13.0 - Improper Handling of Insufficient Permissions in PersonaManagerService

CVE-2022-39886 MEDIUM

Android - Improper Access Control in IpcRxServiceModeBigDataInfo

CVE-2022-39885 MEDIUM

Android DeviceManagement - Improper Access Control in BootCompletedReceiver_CMCC

CVE-2022-39872 MEDIUM

Samsung ShareLive < 13.2.03.5 - MAC Address Leak via Broadcast Intent

CVE-2022-36874 MEDIUM

Samsung Galaxy Watch Plugin < 2.2.11.22040751 - Unauthorized Device Information Disclosure

CVE-2022-34368 MEDIUM

Dell EMC NetWorker 19.2.1.x-19.7.0.0 - Authenticated Privilege Escalation

CVE-2022-2193 HIGH

HYPR Server <6.14.1 - Code Injection

CVE-2022-30727 MEDIUM

PersonaManagerService <SMR Jun-2022 Release 1 - Info Disclosure

CVE-2022-30725 MEDIUM

Bluetooth <SMR Jun-2022 Release 1 - Info Disclosure

Previous Page 5 of 6 Next

Details

Vulnerabilities 144

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy