CWE-281 (Improper Preservation of Permissions) — Vulnerability Class 91

91 vulnerabilities classified as CWE-281 (Improper Preservation of Permissions). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-22114 | System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission — Zabbix | 4.3 | Medium | 2024-08-09 |
| CVE-2024-22121 | Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe — Zabbix | 6.1 | Medium | 2024-08-09 |
| CVE-2024-23464 | Zscaler bypass with administrative privileges on Windows — Client Connector | 7.2 | High | 2024-08-06 |
| CVE-2024-39902 | Tuleap's recursive permissions to document manager folder are not properly applied — tuleap | 4.8 | Medium | 2024-07-22 |
| CVE-2024-38361 | Permissions processing error in spacedb — spicedb | 3.7 | Low | 2024-06-20 |
| CVE-2023-25646 | Permission and Access Control Vulnerability in ZTE H388X — ZXHN H388X | 7.1 | High | 2024-06-20 |
| CVE-2024-3291 | Privilege Escalation — Nessus Agent | 7.8 | High | 2024-05-17 |
| CVE-2024-3289 | Tenable Network Security Nessus security vulnerability — Nessus | 7.8 | High | 2024-05-17 |
| CVE-2024-32020 | Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will — git | 3.9 | Low | 2024-05-14 |
| CVE-2024-22405 | XADMaster may not apply quarantine attribute correctly to extracted files — XADMaster | 5.5 | Medium | 2024-04-30 |
| CVE-2024-1726 | Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service | 5.3 | Medium | 2024-04-25 |
| CVE-2024-22177 | Audio has an improper preservation of permissions vulnerability — OpenHarmony | 3.3 | Low | 2024-04-02 |
| CVE-2024-29735 | Apache Airflow: Potentially harmful permission changing by log task handler — Apache Airflow | 8.1 (AI) | High (AI) | 2024-03-26 |
| CVE-2024-28746 | Apache Airflow: Ignored Airflow Permissions — Apache Airflow | 4.3 (AI) | Medium (AI) | 2024-03-14 |
| CVE-2024-21816 | Background task manager has an improper preservation of permissions vulnerability — OpenHarmony | 4.0 | Medium | 2024-03-04 |
| CVE-2024-22402 | Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist — security-advisories | 5.4 | Medium | 2024-01-18 |
| CVE-2024-22401 | All users can reset the allowed apps list for Nextcloud Guest App users — security-advisories | 4.1 | Medium | 2024-01-18 |
| CVE-2024-22404 | Permissions bypass in Nextcloud with the files zip app — security-advisories | 4.1 | Medium | 2024-01-18 |
| CVE-2023-6239 | Incorrect calculation of effective permissions — M-Files Server | 5.4 | Medium | 2023-11-28 |
| CVE-2023-43612 | Hiview has an improper preservation of permissions vulnerability — OpenHarmony | 8.4 | High | 2023-11-20 |
| CVE-2023-4996 | Local privilege escalation — Netskope Client | 6.6 | Medium | 2023-11-06 |
| CVE-2023-45807 | OpenSearch Issue with tenant read-only permissions — security | 5.4 | Medium | 2023-10-16 |
| CVE-2023-31926 | Arbitrary File Overwrite using less command — Fabric OS | 7.1 | High | 2023-08-02 |
| CVE-2023-1386 | Qemu: 9pfs: suid/sgid bits not dropped on file write — qemu | 3.3 | Low | 2023-07-24 |
| CVE-2023-35938 | User access not updated with privilege change in Tuleap — tuleap | 4.1 | Medium | 2023-06-29 |
| CVE-2023-2818 | ITM Windows Agent Insecure Filesystem Permissions — Insider Threat Management | 5.5 | Medium | 2023-06-27 |
| CVE-2023-2993 | Lenovo ThinkSystem security vulnerability — System Management Module (SMM) | 5.4 | Medium | 2023-06-26 |
| CVE-2023-0975 | Trellix Agent security vulnerability — Trellix Agent | 8.2 | High | 2023-04-03 |
| CVE-2023-28647 | App pin of the iOS app can be bypassed in Nextcloud iOS — security-advisories | 4.4 | Medium | 2023-03-30 |
| CVE-2023-25809 | rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc — runc | 5.0 | Medium | 2023-03-29 |

Vulnerabilities classified as CWE-281 (Improper Preservation of Permissions) account for 91 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.