CWE-269 Improper Privilege Management: summary of 1017 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-269 is the improper privilege management weakness: the product fails to properly assign, modify, track or check user privileges, so an attacker can obtain a sphere of control beyond what was intended. Attackers commonly exploit this defect to escalate privileges or to access sensitive resources without authorization. Developers should apply the principle of least privilege, strictly verify identity and permission for every operation, and make sure that privilege assignment, modification and revocation are handled securely and completely, so that unauthorized access is prevented.
The CWE-269 demonstrative example in Python. The helpers `invalidUsername`, `raisePrivileges` and `lowerPrivileges` are not defined in the original example, so minimal assumed implementations are supplied here; the control flow of `makeNewUserDir` is unchanged, including the fact that privileges are never lowered if `os.mkdir` raises.

```python
import os
import re

# Helpers are not defined in the CWE example; these are minimal assumed implementations.
def invalidUsername(username):
    return re.fullmatch(r'[a-z][a-z0-9_-]{0,31}', username) is None

def raisePrivileges():
    os.seteuid(0)            # assumes the process has saved set-user-ID root

def lowerPrivileges():
    os.seteuid(os.getuid())  # drop back to the real user id

def makeNewUserDir(username):
    if invalidUsername(username):  # avoid CWE-22 and CWE-78
        print('Usernames cannot contain invalid characters')
        return False
    try:
        raisePrivileges()
        os.mkdir('/home/' + username)
        lowerPrivileges()  # not reached if os.mkdir raises: privileges stay raised
    except OSError:
        print('Unable to create new user directory for user:' + username)
        return False
    return True
```

The same pattern in C, where the effective user id is raised to root for a block of work and then restored to the real user id:

```c
#include <unistd.h>

void do_privileged_work(void) {
    seteuid(0);         /* raise to root (requires saved set-user-ID root) */
    /* do some stuff */
    seteuid(getuid());  /* drop back to the real user id */
}
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2021-31359 | Juniper Networks Junos OS permission and access control issue vulnerability — Junos OS | 7.8 | High | 2021-10-19 |
| CVE-2021-31350 | Juniper Networks Junos OS security vulnerability — Junos OS | 7.5 | High | 2021-10-19 |
| CVE-2021-27664 | Johnson Controls exacqVision Web Service security vulnerability — exacqVision Web Service | 9.8 | Critical | 2021-10-11 |
| CVE-2021-34766 | Cisco Smart Software Manager security vulnerability — Cisco Smart Software Manager On-Prem | 5.4 | Medium | 2021-10-06 |
| CVE-2021-23893 | McAfee Drive Encryption security vulnerability — McAfee Drive Encryption (MDE) | 8.8 | High | 2021-10-01 |
| CVE-2021-31836 | McAfee Agent security vulnerability — McAfee Agent for Windows | 5.6 | Medium | 2021-09-22 |
| CVE-2021-31847 | McAfee Agent security vulnerability — McAfee Agent for Windows | 8.2 | High | 2021-09-22 |
| CVE-2021-37173 | Siemens RUGGEDCOM information disclosure vulnerability — RUGGEDCOM ROX MX5000 | 7.5 | - | 2021-09-14 |
| CVE-2021-38540 | Apache Airflow authorization issue vulnerability — Apache Airflow | 9.8 | - | 2021-09-09 |
| CVE-2021-30355 | Amazon Kindle e-reader security vulnerability — Amazon Kindle e-reader | 8.6 | - | 2021-09-01 |
| CVE-2021-37911 | BenQ EH600 security vulnerability — EH600 OTA | 8.8 | High | 2021-08-30 |
| CVE-2021-39167 | OpenZeppelin security vulnerability — openzeppelin-contracts | 10.0 | Critical | 2021-08-26 |
| CVE-2021-39168 | OpenZeppelin security vulnerability — openzeppelin-contracts-upgradeable | 10.0 | Critical | 2021-08-26 |
| CVE-2021-24602 | WordPress plugin HM Multiple Roles security vulnerability — HM Multiple Roles | 8.8 | - | 2021-08-23 |
| CVE-2021-24038 | Facebook Oculus Desktop security vulnerability — Oculus Desktop | 7.8 | - | 2021-08-18 |
| CVE-2021-34745 | AppDynamics .NET Agent for Windows security vulnerability — AppDynamics .NET Agent for Windows | 7.8 | High | 2021-08-18 |
| CVE-2021-37627 | Contao permission and access control issue vulnerability — contao | 8.0 | High | 2021-08-11 |
| CVE-2021-33526 | MB connect line mbDIALUP security vulnerability — mbDIALUP | 7.8 | High | 2021-08-02 |
| CVE-2021-31581 | Akkadian Provisioning Manager security vulnerability — Provisioning Manager Engine (PME) | 7.9 | High | 2021-07-22 |
| CVE-2021-25442 | Samsung KCS authorization issue vulnerability — Knox Mobile Enrollment | 9.1 | - | 2021-07-08 |
| CVE-2021-25429 | Bluetooth security vulnerability — Samsung Mobile Devices | 3.5 | - | 2021-07-08 |
| CVE-2021-25428 | PackageManager security vulnerability — Samsung Mobile Devices | 7.8 | - | 2021-07-08 |
| CVE-2021-34621 | WordPress access control error vulnerability — ProfilePress | 9.8 | Critical | 2021-07-07 |
| CVE-2021-34622 | WordPress security vulnerability — ProfilePress | 9.8 | Critical | 2021-07-07 |
| CVE-2021-27661 | Johnson Controls Facility Explorer security vulnerability — Facility Explorer SNC Series Supervisory Controllers (F4-SNC) | 8.8 | High | 2021-07-01 |
| CVE-2021-33538 | Weidmueller Industrial WLAN security vulnerability — IE-WL(T)-BL-AP-CL-XX | 8.8 | High | 2021-06-25 |
| CVE-2021-34810 | Synology Download Station security vulnerability — Download Station | 9.9 | Critical | 2021-06-18 |
| CVE-2021-27483 | ZOLL Defibrillator Dashboard security vulnerability — ZOLL Defibrillator Dashboard | 7.8 | - | 2021-06-16 |
| CVE-2021-25418 | Samsung Mobile Samsung Internet security vulnerability — Samsung Internet | 7.8 | - | 2021-06-11 |
| CVE-2021-28814 | QNAP Systems NAS security vulnerability — Helpdesk | 8.8 | High | 2021-06-11 |
CWE-269 (Improper Privilege Management) is a common weakness category; this platform has catalogued 1017 CVE vulnerabilities associated with it.