CWE-420 Unprotected Alternate Channel: summary of the 33 CVEs in this weakness class, with AI-generated analysis in Chinese.
CWE-420 denotes an unprotected alternate channel: the product protects its primary channel to a resource or function but leaves a second path to the same resource unprotected or more weakly protected. It is an access-control weakness rather than a tuning slip, and the alternate path is often one nobody thinks of as "the interface": a debug or maintenance port, a legacy API, a second listening socket, a mirrored register address. An attacker who notices the difference simply uses the weaker path, unencrypted or weakly authenticated, to read sensitive data or perform privileged operations. The fix is to bind the check to the resource rather than to one channel: every path that can reach the resource must pass through the same encryption and authentication, and the security policy must be enumerated against all entry points so that no unprotected blind spot remains.
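A software analogue of the weakness described above, added here as an illustration (it is not code from this page or from any project listed on it). One privileged write is reachable over two channels; in the vulnerable service the allowlist check is coded into the primary handler only, so the alternate channel reaches the store unchecked. The hardened service binds the check to the operation itself and refuses to start if any declared channel lacks it. Channel names, caller identities and the allowlist are constructed for the example.

```python
"""CWE-420 modelled in Python: one privileged write reachable over two
channels, with the allowlist check present on only one of them, beside a
hardened form that routes every channel through a single gate.

Added illustration, not code from the page or from any project listed on it.
Channel names, caller identities and the allowlist are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed allowlist of caller identities permitted to write.
ALLOWLIST = frozenset({"orchestrator", "firmware-updater"})


class AccessDenied(Exception):
    pass


@dataclass
class Store:
    """The protected resource: a config map plus an audit trail of writes."""
    config: Dict[str, str] = field(default_factory=dict)
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    def write(self, caller: str, key: str, value: str) -> None:
        self.config[key] = value
        self.audit.append((caller, key, value))


class VulnerableService:
    """The check is coded into the primary handler, so it protects a channel,
    not the resource."""

    def __init__(self) -> None:
        self.store = Store()

    def api_write(self, caller: str, key: str, value: str) -> None:
        # Primary channel, e.g. the authenticated management API.
        if caller not in ALLOWLIST:
            raise AccessDenied(caller)
        self.store.write(caller, key, value)

    def maintenance_write(self, caller: str, key: str, value: str) -> None:
        # Alternate channel added later, e.g. a local maintenance socket.
        # It reaches the store directly; the allowlist is never consulted.
        self.store.write(caller, key, value)


def gated(op: Callable[..., None]) -> Callable[..., None]:
    """Bind the allowlist check to the operation itself, so it runs
    whichever channel invokes it."""
    def wrapper(self, caller: str, *args, **kwargs):
        if caller not in ALLOWLIST:
            raise AccessDenied(caller)
        return op(self, caller, *args, **kwargs)
    wrapper.gated = True          # marker inspected by ungated_channels()
    return wrapper


def ungated_channels(cls: type) -> List[str]:
    """Names of declared channels on cls whose handler lacks the gate."""
    return [name for name in cls.CHANNELS
            if not getattr(getattr(cls, name), "gated", False)]


class HardenedService:
    # Every entry point to the store must be listed here and gated.
    CHANNELS = ("api_write", "maintenance_write")

    def __init__(self) -> None:
        missing = ungated_channels(type(self))
        if missing:   # fail closed: refuse to start with an unprotected path
            raise RuntimeError(f"ungated channels: {missing}")
        self.store = Store()

    @gated
    def api_write(self, caller: str, key: str, value: str) -> None:
        self.store.write(caller, key, value)

    @gated
    def maintenance_write(self, caller: str, key: str, value: str) -> None:
        self.store.write(caller, key, value)


class RegressedService(HardenedService):
    """A later change that re-introduces the bug by dropping the decorator;
    the constructor check catches it before the service is reachable."""

    def maintenance_write(self, caller: str, key: str, value: str) -> None:
        self.store.write(caller, key, value)


def attempt(service, channel: str, caller: str) -> bool:
    """True if `caller` managed to set boot_mode through `channel`."""
    try:
        getattr(service, channel)(caller, "boot_mode", "unsigned")
    except AccessDenied:
        return False
    return service.store.config.get("boot_mode") == "unsigned"


if __name__ == "__main__":
    print("vulnerable, alternate channel, attacker:",
          attempt(VulnerableService(), "maintenance_write", "attacker"))  # True
    print("hardened, alternate channel, attacker:",
          attempt(HardenedService(), "maintenance_write", "attacker"))    # False
    print("ungated on RegressedService:", ungated_channels(RegressedService))
```

The design point is the `CHANNELS` list plus the constructor check: the allowlist itself is the same in both versions, and what changes is where it is enforced. Listing every entry point and verifying it at start-up turns "did we remember to protect the new socket?" into a failure that shows up in the first test run rather than in an incident.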
MITRE's demonstrative example for this CWE, in Verilog: a write to register `q` is accepted only when the requesting agent's one-hot ID hits the allowlist `acl_oh_allowlist` (`write_auth`) and the request targets address 0xF00 (`addr_auth`). Because the ACL is tied to that single address, an access that reaches the same storage by any other path (in MITRE's scenario, a mirrored copy of the register at a second address) never passes through this check at all. The weak check is kept as the example intends; the module is otherwise written so that it compiles.

```verilog
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
  output [31:0] data_out;
  input  [31:0] data_in, incoming_id, address;
  input         clk, rst_n;
  wire          write_auth, addr_auth;
  reg   [31:0]  data_out, acl_oh_allowlist, q;

  // Allowlist of one-hot agent IDs permitted to write (bits 1, 4, 8, 9, 15 set).
  always @* acl_oh_allowlist = 32'h8312;

  // Agent check: any allowlisted bit present in incoming_id grants write_auth.
  assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;

  // Address check: the ACL applies only to accesses that hit 0xF00.
  // An access reaching the same register through an alternate path is
  // never subjected to write_auth.
  assign addr_auth = (address == 32'hF00) ? 1 : 0;

  always @(posedge clk or negedge rst_n)
    if (!rst_n) begin
      q        <= 32'h0;
      data_out <= 32'h0;
    end else begin
      q        <= (addr_auth & write_auth) ? data_in : q;
      data_out <= q;
    end
endmodule
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-43505 | Prosody mod_proxy65 access control vulnerability — Prosody | 6.5 | Medium | 2026-05-01 |
| CVE-2026-40217 | LiteLLM security vulnerability — LiteLLM | 8.8 | High | 2026-04-10 |
| CVE-2026-35388 | OpenSSH security vulnerability — OpenSSH | 2.5 | Low | 2026-04-02 |
| CVE-2026-25916 | Roundcube Webmail security vulnerability — Webmail | 4.3 | Medium | 2026-02-09 |
| CVE-2025-41727 | Beckhoff Automation multiple products security vulnerability — Beckhoff.Device.Manager.XAR | 7.8 | High | 2026-01-27 |
| CVE-2025-62001 | BullWall Ransomware Containment security vulnerability — Ransomware Containment | 8.8 | High | 2025-12-18 |
| CVE-2025-66432 | Oxide Control Plane security vulnerability — Omicron | 5.0 | Medium | 2025-11-30 |
| CVE-2025-13315 | Lynx Twonky Server security vulnerability — Twonky Server | 9.1 (AI-estimated) | Critical (AI-estimated) | 2025-11-19 |
| CVE-2025-56558 | Dyson App security vulnerability — MQTT server | 3.0 | Low | 2025-10-29 |
| CVE-2025-62820 | Slack Nebula security vulnerability — Nebula | 4.9 | Medium | 2025-10-23 |
| CVE-2025-53967 | Framelink Figma MCP Server security vulnerability — Figma MCP Server | 8.0 | High | 2025-10-08 |
| CVE-2025-8557 | Lenovo XClarity Orchestrator security vulnerability — XClarity Orchestrator (LXCO) | 8.8 | High | 2025-09-11 |
| CVE-2025-59033 | Microsoft Windows Defender Application Control security vulnerability — Windows | 7.4 | High | 2025-09-08 |
| CVE-2025-54351 | iperf security vulnerability — iperf3 | 8.9 | High | 2025-08-03 |
| CVE-2025-54309 | CrushFTP security vulnerability — CrushFTP | 9.0 | Critical | 2025-07-18 |
| CVE-2025-52921 | InnoShop security vulnerability — InnoShop | 9.9 | Critical | 2025-06-23 |
| CVE-2025-52968 | xdg-utils security vulnerability — xdg-utils | 2.7 | Low | 2025-06-23 |
| CVE-2025-1095 | IBM Personal Communications buffer error vulnerability — Personal Communications | 8.8 | High | 2025-04-08 |
| CVE-2023-52718 | Huawei multiple products security vulnerability — PT9030-15 | 6.4 | Medium | 2024-12-28 |
| CVE-2023-7266 | Huawei WS7200-10 security vulnerability — TC7001-10 | 7.5 | High | 2024-12-28 |
| CVE-2024-8038 | Juju security vulnerability — Juju | 7.9 | High | 2024-10-02 |
| CVE-2024-6242 | Rockwell Automation ControlLogix security vulnerability — ControlLogix® 5580 (1756-L8z) | 9.8 (AI-estimated) | Critical (AI-estimated) | 2024-08-01 |
| CVE-2024-6099 | WordPress plugin LearnPress security vulnerability — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 5.3 | Medium | 2024-07-02 |
| CVE-2024-4444 | WordPress plugin LearnPress security vulnerability — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 5.3 | Medium | 2024-05-10 |
| CVE-2023-20198 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 10.0 | Critical | 2023-10-16 |
| CVE-2023-4570 | NI MeasurementLink Python Services security vulnerability — MeasurementLink | 8.8 | High | 2023-10-05 |
| CVE-2023-30946 | Palantir Foundry Issues security vulnerability — com.palantir.issues:issues | 3.5 | Low | 2023-06-29 |
| CVE-2023-31241 | Snap One OvrC Cloud access control error vulnerability — OvrC Cloud | 8.6 | High | 2023-05-22 |
| CVE-2023-0317 | GateManager security vulnerability — GateManager | 4.9 | Medium | 2023-04-19 |
| CVE-2023-28840 | Moby security vulnerability — moby | 7.5 | High | 2023-04-04 |

Scores marked "AI-estimated" were assigned by the platform's model rather than taken from an official CVSS vector and should be treated as provisional.
CWE-420 (Unprotected Alternate Channel) is a common weakness class; this platform indexes 33 CVEs associated with it.