CWE-274 不充分特权处理不恰当 类弱点 33 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-274属于权限处理缺陷,指软件在权限不足时未能正确应对操作请求。攻击者通常通过构造低权限环境或模拟受限用户,触发程序异常行为,如拒绝服务、数据泄露或逻辑绕过。开发者应避免直接暴露底层错误,需实施严格的权限校验机制,确保在权限不足时返回通用错误提示并安全终止操作,同时遵循最小权限原则,从源头降低风险。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-33005 | Apache OpenMeetings 安全漏洞 — Apache OpenMeetings | 4.3AI | MediumAI | 2026-04-09 |
| CVE-2023-20516 | AMD Graphics Driver 安全漏洞 — AMD Instinct™ MI250 | 3.3 | Low | 2025-09-06 |
| CVE-2025-20177 | Cisco IOS XR 安全漏洞 — Cisco IOS XR Software | 6.7 | Medium | 2025-03-12 |
| CVE-2025-20156 | Cisco Meeting Management 安全漏洞 — Cisco Meeting Management | 9.9 | Critical | 2025-01-22 |
| CVE-2024-12666 | ClassCMS 安全漏洞 — ClassCMS | 4.7 | Medium | 2024-12-16 |
| CVE-2024-0106 | NVIDIA BlueField 安全漏洞 — BlueField 1 | 8.7 | High | 2024-11-01 |
| CVE-2024-0105 | NVIDIA ConnectX和NVIDIA BlueField 安全漏洞 — ConnectX4 | 8.9 | High | 2024-11-01 |
| CVE-2024-41942 | JupyterHub 安全漏洞 — jupyterhub | 7.2 | High | 2024-08-08 |
| CVE-2024-20324 | Cisco IOS XE Software 安全漏洞 — Cisco IOS XE Software | 5.5 | Medium | 2024-03-27 |
| CVE-2024-21648 | XWiki Platform 安全漏洞 — xwiki-platform | 8.0 | High | 2024-01-08 |
| CVE-2023-39375 | Siberian 安全漏洞 — SiberianCMS | 7.5 | High | 2023-09-26 |
| CVE-2023-32494 | Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS | 6.7 | Medium | 2023-08-16 |
| CVE-2023-35928 | Nextcloud 安全漏洞 — security-advisories | 8.5 | High | 2023-06-23 |
| CVE-2022-45101 | Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS | 7.3 | High | 2023-02-01 |
| CVE-2022-0668 | JFrog Artifactory 安全漏洞 — JFrog Artifactory | 5.3 | Medium | 2023-01-08 |
| CVE-2022-23511 | Amazon CloudWatch Agent 安全漏洞 — amazon-cloudwatch-agent | 7.1 | High | 2022-12-12 |
| CVE-2022-25782 | Secomea GateManager 安全漏洞 — GateManager | 5.4 | Medium | 2022-05-04 |
| CVE-2022-23160 | Dell Technologies Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS | 5.4 | Medium | 2022-04-12 |
| CVE-2021-35534 | Hitachi Energy Relion 访问控制错误漏洞 — Relion 670 Series | 7.2 | High | 2021-11-18 |
| CVE-2020-24676 | ABB Symphony Plus Operations和ABB Symphony Plus Historian 授权问题漏洞 — ABB Ability™ Symphony® Plus Operations | 7.8 | High | 2020-12-22 |
| CVE-2020-7283 | McAfee Total Protection 安全漏洞 — McAfee Total Protection (MTP) | 7.5 | High | 2020-07-03 |
| CVE-2020-7290 | McAfee Active Response 安全漏洞 — McAfee Active Response (MAR) for Linux | 7.8 | High | 2020-05-08 |
| CVE-2020-7291 | McAfee Active Response 安全漏洞 — McAfee Active Response (MAR) for Mac | 7.8 | High | 2020-05-08 |
| CVE-2020-7287 | McAfee Endpoint Detection and Response 安全漏洞 — McAfee Exploit Detection and Response (EDR) for Linux | 7.8 | High | 2020-05-08 |
| CVE-2020-7288 | McAfee Endpoint Detection and Response 安全漏洞 — McAfee Exploit Detection and Response (EDR) for Mac | 7.8 | High | 2020-05-08 |
| CVE-2020-7289 | McAfee Active Response 安全漏洞 — McAfee Active Response (MAR) for Windows | 7.8 | High | 2020-05-08 |
| CVE-2020-7285 | McAfee MVISION Endpoint 安全漏洞 — McAfee MVISION Endpoint | 7.8 | High | 2020-05-08 |
| CVE-2020-7286 | McAfee Endpoint Detection and Response 安全漏洞 — McAfee Exploit Detection and Response (EDR) for Windows | 7.8 | High | 2020-05-08 |
| CVE-2020-7267 | McAfee VirusScan Enterprise 安全漏洞 — McAfee VirusScan Enterprise (VSE) for Linux | 8.8 | High | 2020-05-08 |
| CVE-2020-7266 | McAfee VirusScan Enterprise 安全漏洞 — McAfee VirusScan Enterprise (VSE) for Windows | 8.8 | High | 2020-05-08 |
CWE-274(不充分特权处理不恰当) 是常见的弱点类别,本平台收录该类弱点关联的 33 条 CVE 漏洞。