
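CWE-453 Insecure Default Variable Initialization: vulnerability list (14)

A summary of 14 CVEs for the weakness class CWE-453 (Insecure Default Variable Initialization), with AI analysis in Chinese.

CWE-453 is the insecure default variable initialization weakness: by default, the product initializes an internal variable to an insecure or less secure value. Attackers typically exploit this flaw by reading or manipulating these improperly initialized variables, either to obtain sensitive data or to alter program logic and carry out malicious actions. Developers should avoid relying on default values, explicitly set an initial state that is safe and matches expectations, and review code regularly to ensure the security and integrity of variable initialization.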

Official MITRE CWE description
CWE: CWE-453 Insecure Default Variable Initialization
Description (English): The product, by default, initializes an internal variable with an insecure or less secure value than is possible.
Common consequences (1)
Integrity: Modify Application Data
An attacker could gain access to and modify sensitive data or system information.
Mitigations (1)
System Configuration: Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.
Code examples (1)
This code attempts to log in a user using credentials from a POST request:

Bad · PHP

    // $user and $pass automatically set from POST request
    // $authorized is never initialized before it is checked below
    if (login_user($user,$pass)) {
        $authorized = true;
    }
    ...
    if ($authorized) {
        generatePage();
    }

Good · PHP

    // Read the credentials explicitly and start from a denied state
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $authorized = false;
    if (login_user($user,$pass)) {
        $authorized = true;
    }
    ...
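| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-41330 | OpenClaw security vulnerability | OpenClaw | 4.4 | Medium | 2026-04-20 |
| CVE-2025-61926 | Allstar trust management issue vulnerability | allstar | 8.1 (AI) | High (AI) | 2025-10-09 |
| CVE-2025-47945 | Donetick security vulnerability | donetick | 9.1 | Critical | 2025-05-17 |
| CVE-2024-49120 | Microsoft Windows Remote Desktop Services security vulnerability | Windows Server 2019 | 8.1 | High | 2024-12-10 |
| CVE-2024-39916 | FOGProject security vulnerability | fogproject | 6.4 | Medium | 2024-07-12 |
| CVE-2024-21411 | Microsoft Skype security vulnerability | Skype for Consumer | 8.8 | High | 2024-03-12 |
| CVE-2023-27516 | SoftEther VPN security vulnerability | SoftEther VPN | 7.3 | High | 2023-10-12 |
| CVE-2022-47195 | Ghost Foundation Ghost cross-site scripting vulnerability | Ghost | 5.4 | - | 2023-01-19 |
| CVE-2022-47196 | Ghost Foundation Ghost security vulnerability | Ghost | 5.4 | - | 2023-01-19 |
| CVE-2022-47197 | Ghost Foundation Ghost cross-site scripting vulnerability | Ghost | 5.4 | - | 2023-01-19 |
| CVE-2022-47194 | Ghost Foundation Ghost security vulnerability | Ghost | 5.4 | - | 2023-01-19 |
| CVE-2022-46831 | JetBrains TeamCity security vulnerability | TeamCity | 6.6 | Medium | 2022-12-08 |
| CVE-2022-3262 | Red Hat OpenShift security vulnerability | openshift | 8.1 | - | 2022-12-08 |
| CVE-2021-27426 | GE Grid Solutions UR security vulnerability | UR family | 9.8 | Critical | 2022-03-23 |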

CWE-453 (Insecure Default Variable Initialization) is a common weakness category; this platform lists 14 CVEs associated with it.