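CWE-250 (Execution with Unnecessary Privileges): summary of 236 CVE vulnerabilities in this weakness class, with AI analysis in Chinese.
CWE-250 refers to a program performing operations at a privilege level higher than the minimum it actually requires. Such over-privileging can directly lead to privilege escalation vulnerabilities and also amplifies the consequences of other security flaws. Attackers commonly exploit this weakness by triggering specific functionality to gain greater control of the system, and then execute malicious code or steal sensitive data. Developers should follow the principle of least privilege, strictly limit process privileges in code, and grant only the minimum privileges needed to complete the task, thereby reducing potential security risk.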
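```python
import os

# invalidUsername(), raisePrivileges() and lowerPrivileges() are defined elsewhere.
def makeNewUserDir(username):
    if invalidUsername(username):
        # avoid CWE-22 and CWE-78
        print('Usernames cannot contain invalid characters')
        return False
    try:
        raisePrivileges()
        os.mkdir('/home/' + username)
        lowerPrivileges()
    except OSError:
        # If os.mkdir() raises, lowerPrivileges() is never reached and the
        # process keeps running with raised privileges.
        print('Unable to create new user directory for user:' + username)
        return False
    return True
```

```c
chroot(APP_HOME);
chdir("/");
/* No privilege drop follows chroot(), so the file below is opened with
   the elevated privileges that chroot() required. */
FILE* data = fopen(argv[1], "r+");
...
```

| CVE ID | Title | CVSS | Risk level | Published |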
|---|---|---|---|---|
| CVE-2023-30617 | Kruise security vulnerability — kruise | 6.5 | Medium | 2024-01-03 |
| CVE-2023-33873 | AVEVA Operations Control Logger security vulnerability — SystemPlatform | 7.8 | High | 2023-11-15 |
| CVE-2023-6006 | PaperCut NG security vulnerability — PaperCut NG, PaperCut MF | 7.8 | High | 2023-11-14 |
| CVE-2023-43018 | IBM CICS TX security vulnerability — CICS TX Standard | 5.9 | Medium | 2023-11-02 |
| CVE-2023-27313 | NetApp SnapCenter security vulnerability — SnapCenter | 8.3 | High | 2023-10-12 |
| CVE-2023-27312 | NetApp SnapCenter security vulnerability — SnapCenter Plugin for VMware vSphere | 5.4 | Medium | 2023-10-12 |
| CVE-2023-1943 | Kubernetes security vulnerability — kops | 8.0 | High | 2023-10-11 |
| CVE-2023-5207 | GitLab security vulnerability — GitLab | 8.2 | High | 2023-09-30 |
| CVE-2023-4003 | One Identity Password Manager security vulnerability — One | 7.6 | High | 2023-09-27 |
| CVE-2023-4662 | Saphira Connect security vulnerability — Saphira Connect | 9.8 | Critical | 2023-09-15 |
| CVE-2023-4814 | Trellix Data Loss Prevention security vulnerability — Data Loss Prevention Endpoint for Windows | 7.1 | High | 2023-09-14 |
| CVE-2023-31175 | Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator security vulnerability — SEL-5037 SEL Grid Configurator | 8.8 | High | 2023-08-31 |
| CVE-2023-20217 | Cisco ThousandEyes Enterprise Agent security vulnerability — Cisco ThousandEyes Recorder Application | 5.5 | Medium | 2023-08-16 |
| CVE-2023-32486 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.7 | Medium | 2023-08-16 |
| CVE-2023-38641 | Siemens SICAM TOOLBOX II security vulnerability — SICAM TOOLBOX II | 7.8 | High | 2023-08-08 |
| CVE-2023-39508 | Apache Airflow security vulnerability — Apache Airflow | 8.8 | - | 2023-08-05 |
| CVE-2023-39261 | JetBrains IntelliJ IDEA security vulnerability — IntelliJ IDEA | 5.2 | Medium | 2023-07-26 |
| CVE-2023-20210 | Cisco BroadWorks security vulnerability — Cisco BroadWorks | 6.0 | Medium | 2023-07-12 |
| CVE-2023-34118 | Zoom Rooms security vulnerability — Zoom Rooms for Windows | 7.3 | High | 2023-07-11 |
| CVE-2023-25521 | NVIDIA DGX security vulnerability — DGX A100/A800 | 7.5 | High | 2023-07-03 |
| CVE-2023-2002 | Linux kernel security vulnerability — Kernel | 8.0 | - | 2023-05-26 |
| CVE-2023-32080 | Wings security vulnerability — wings | 9.1 | Critical | 2023-05-10 |
| CVE-2023-1966 | Illumina Universal Copy Service security vulnerability — iScan Control Software | 7.4 | High | 2023-04-28 |
| CVE-2023-0664 | QEMU Guest Agent security vulnerability — QEMU | 7.8 | - | 2023-03-29 |
| CVE-2022-34384 | Dell SupportAssist Client security vulnerability — SupportAssist Client Consumer | 7.8 | High | 2023-02-10 |
| CVE-2022-41290 | IBM AIX security vulnerability — AIX | 8.4 | High | 2022-12-23 |
| CVE-2022-43553 | Ubiquiti EdgeRouters security vulnerability — EdgeMAX EdgeRouter | 8.8 | - | 2022-12-05 |
| CVE-2022-3088 | MOXA ARM-Based Computers security vulnerability — UC-8100A-ME-T System Image | 7.8 | High | 2022-11-22 |
| CVE-2022-41950 | Super Xray security vulnerability — super-xray | 6.4 | Medium | 2022-11-22 |
| CVE-2022-22239 | Juniper Networks Junos OS security vulnerability — Junos OS Evolved | 8.2 | High | 2022-10-18 |
CWE-250 (Execution with Unnecessary Privileges) is a common weakness category; this platform lists 236 CVE vulnerabilities associated with it.