CWE-250 (带着不必要的权限执行) — Vulnerability Class 233

233 vulnerabilities classified as CWE-250 (带着不必要的权限执行). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-35783	Siemens SIMATIC 安全漏洞 — SIMATIC BATCH V9.1	9.1	Critical	2024-09-10
CVE-2024-45034	Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes — Apache Airflow	7.8	-	2024-09-07
CVE-2024-5623	Untrusted search path vulnerability in B&R APROL — B&R APROL	7.3^AI	High^AI	2024-08-29
CVE-2024-5622	Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL — B&R APROL	7.8^AI	High^AI	2024-08-29
CVE-2024-20478	Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability — Cisco Application Policy Infrastructure Controller (APIC)	6.5	Medium	2024-08-28
CVE-2024-36398	Siemens SINEC NMS 安全漏洞 — SINEC NMS	7.8	High	2024-08-13
CVE-2024-6913	Execution with Unnecessary Privileges — ProcessPlus	9.8^AI	Critical^AI	2024-07-22
CVE-2024-20435	Cisco AsyncOS 安全漏洞 — Cisco Secure Web Appliance	8.8	High	2024-07-17
CVE-2024-35154	IBM WebSphere Application Server code execution — WebSphere Application Server	7.2	High	2024-07-09
CVE-2024-32853	Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS	4.4	Medium	2024-07-02
CVE-2023-30997	IBM Security Access Manager Docker privilege escalation — Security Access Manager Docker	7.8	High	2024-06-27
CVE-2023-30998	IBM Security Access Manager Docker privilege escalation — Security Access Manager Docker	7.8	High	2024-06-27
CVE-2024-31890	IBM i privilege escalation — i	7.8	High	2024-06-21
CVE-2024-3498	Incorrect Permission Assignment Privilege Escalation Vulnerability — Toshiba Tec e-Studio multi-function peripheral (MFP)	7.8	High	2024-06-14
CVE-2024-27147	Local Privilege Escalation and Remote Code Execution using snmpd — Toshiba Tec e-Studio multi-function peripheral (MFP)	7.4	High	2024-06-14
CVE-2024-27146	Lack of privileges separation — Toshiba Tec e-Studio multi-function peripheral (MFP)	6.7	Medium	2024-06-14
CVE-2024-27143	Pre-authenticated Remote Code Execution — Toshiba Tec e-Studio multi-function peripheral (MFP)	9.8	Critical	2024-06-14
CVE-2024-0084	CVE — vGPU software and Cloud Gaming	7.8	High	2024-06-13
CVE-2024-35142	IBM Security Verify Access privilege escalation — Security Verify Access Docker	8.4	High	2024-05-31
CVE-2024-5042	Submariner-operator: rbac permissions can allow for the spread of node compromises	6.6	Medium	2024-05-17
CVE-2024-27260	IBM AIX command execution — AIX	8.4	High	2024-05-16
CVE-2024-27110	Elevation of privilege vulnerability in GE HealthCare EchoPAC products — EchoPAC Software Only	8.4	High	2024-05-14
CVE-2024-25967	Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS	6.7	Medium	2024-05-14
CVE-2024-28005	NEC Aterm 安全漏洞 — WG1800HP4	9.1^AI	Critical^AI	2024-03-28
CVE-2024-0073	CVE — GPU Display driver, vGPU driver, Cloud Gaming driver	7.8	High	2024-03-27
CVE-2024-1222	Incorrect authorization controls in PaperCut NG/MF APIs — PaperCut NG, PaperCut MF	8.6	High	2024-03-14
CVE-2023-45592	AiLux imx6 安全漏洞 — imx6 bundle	6.8	Medium	2024-03-05
CVE-2023-30617	Leverage the kruise-daemon pod to list all secrets in the entire cluster — kruise	6.5	Medium	2024-01-03
CVE-2023-33873	AVEVA Operations Control Logger Execution with Unnecessary Privileges — SystemPlatform	7.8	High	2023-11-15
CVE-2023-6006	Privilege Escalation Vulnerability — PaperCut NG, PaperCut MF	7.8	High	2023-11-14

Vulnerabilities classified as CWE-250 (带着不必要的权限执行) represent 233 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-250 (带着不必要的权限执行) — Vulnerability Class 233