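Summary of 63 CVE vulnerabilities in the weakness class CWE-354 (Improper Validation of Integrity Check Value), with AI-generated analysis in Chinese.
CWE-354 is an integrity-check failure weakness: the product does not correctly validate a message's checksum or integrity check value. Attackers commonly exploit this flaw to tamper with data in transit, and because the system cannot detect the modification, it processes malicious or corrupted information. Developers should strictly follow the protocol specification and apply the correct verification algorithm before data is used, ensuring the data has not been tampered with and thereby effectively avoiding this class of security risk.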

```c
/* UDP receiver: datagrams are accepted and used as received;
   no checksum or integrity check value is verified. */
sd = socket(AF_INET, SOCK_DGRAM, 0);
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = htonl(INADDR_ANY);
serv.sin_port = htons(1008);
bind(sd, (struct sockaddr *) &serv, sizeof(serv));

while (1) {
    memset(msg, 0x0, MAX_MSG);
    clilen = sizeof(cli);
    if (inet_ntoa(cli.sin_addr)==...)
        n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &cli, &clilen);
}
```

```java
// UDP sender: the payload is sent as-is; no integrity check value is computed or attached.
while (true) {
    DatagramPacket packet = new DatagramPacket(data, data.length, IPAddress, port);
    socket.send(packet);
}
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2024-47089 | Apex Softcell LD Geo security vulnerability — LD Geo | 8.1 (AI) | High (AI) | 2024-09-19 |
| CVE-2024-45789 | Reedos aiM-Star security vulnerability — Mutual Fund Distribution Product (aiM-Star) | 6.5 (AI) | Medium (AI) | 2024-09-11 |
| CVE-2024-41909 | Apache MINA SSHD security vulnerability — Apache MINA SSHD | - | - (AI) | 2024-08-12 |
| CVE-2024-34714 | Hoppscotch security vulnerability — hoppscotch-extension | 7.6 | High | 2024-05-14 |
| CVE-2024-3727 | image security vulnerability | 8.3 | High | 2024-05-09 |
| CVE-2024-23462 | Zscaler Client Connector security vulnerability — Client Connector | 3.3 | Low | 2024-05-02 |
| CVE-2024-23461 | Zscaler Client Connector security vulnerability — Client Connector | 4.2 | Medium | 2024-05-02 |
| CVE-2023-41970 | Zscaler Client Connector security vulnerability — Client Connector | 6.0 | Medium | 2024-05-02 |
| CVE-2024-32883 | MCUboot security vulnerability — mcuboot | 7.7 | High | 2024-04-26 |
| CVE-2023-28802 | Zscaler Client Connector security vulnerability — Client Connector | 4.9 | Medium | 2023-11-21 |
| CVE-2023-28002 | Fortinet FortiOS security vulnerability — FortiOS | 5.8 | Medium | 2023-11-14 |
| CVE-2023-4929 | MOXA NPort 5000 Series security vulnerability — NPort 5000AI-M12 Series | 6.5 | Medium | 2023-10-03 |
| CVE-2023-2975 | OpenSSL authorization issue vulnerability — OpenSSL | 7.5 | - | 2023-07-14 |
| CVE-2023-36537 | Zoom Rooms security vulnerability — Zoom Rooms for Windows | 7.3 | High | 2023-07-11 |
| CVE-2023-34459 | OpenZeppelin security vulnerability — openzeppelin-contracts | 5.3 | Medium | 2023-06-16 |
| CVE-2023-28386 | Snap One OvrC Pro data forgery issue vulnerability — OvrC Cloud | 8.6 | High | 2023-05-22 |
| CVE-2016-15028 | ICEPAY REST API for .NET security vulnerability — REST-API-NET | 4.8 | Medium | 2023-03-12 |
| CVE-2022-45142 | Red Hat Enterprise Linux security vulnerability — Samba | 9.1 | - | 2023-03-06 |
| CVE-2022-39845 | SAMSUNG Kies security vulnerability — Samsung Kies | 5.5 | Medium | 2022-09-09 |
| CVE-2022-39844 | SAMSUNG Smart Switch PC security vulnerability — Smart Switch PC | 5.5 | Medium | 2022-09-09 |
| CVE-2022-35961 | OpenZeppelin security vulnerability — openzeppelin-contracts | 7.9 | High | 2022-08-14 |
| CVE-2022-33711 | SAMSUNG USB Driver security vulnerability — Samsung USB Driver Windows Installer for Mobile Phones | 7.1 | - | 2022-07-11 |
| CVE-2021-37182 | Siemens SCALANCE security vulnerability — SCALANCE XM408-4C | 9.8 | - | 2022-06-14 |
| CVE-2022-29898 | PHOENIX CONTACT RAD-ISM-900-EN-* security vulnerability — RAD-ISM-900-EN-BD/B | 9.1 | Critical | 2022-05-11 |
| CVE-2022-29173 | go-tuf security vulnerability — go-tuf | 8.0 | High | 2022-05-05 |
| CVE-2022-25946 | F5 BIG-IP security vulnerability — BIG-IP (Advanced WAF, APM, ASM) | 8.7 | High | 2022-05-05 |
| CVE-2021-4148 | Linux kernel security vulnerability — kernel | 5.5 | - | 2022-03-23 |
| CVE-2021-3772 | Linux kernel security vulnerability — kernel | 5.9 | - | 2022-03-02 |
| CVE-2021-41206 | Google TensorFlow security vulnerability — tensorflow | 7.0 | High | 2021-11-05 |
| CVE-2021-20184 | Moodle information disclosure vulnerability — moodle | 4.3 | - | 2021-01-28 |

CWE-354 (Improper Validation of Integrity Check Value) is a common weakness category; this platform lists 63 CVE vulnerabilities associated with it.