CWE-254 (7PK - Security Features) describes a weakness category used in various vulnerability databases and assessments. See the sections below for the definition, background, and the CVEs mapped to it.
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
The following CVEs are mapped to this weakness in this database and are kept for tracking and search purposes.
| CVE | Published | Summary |
|---|---|---|
| CVE-2021-43177 | 2022-04-11 | As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interv… |
| CVE-2021-40006 | 2022-01-10 | Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2019-10059 | 2019-08-28 | The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. |
| CVE-2016-10933 | 2019-08-26 | An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. |
| CVE-2016-10932 | 2019-08-26 | An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. |
| CVE-2015-9331 | 2019-08-20 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. |
| CVE-2015-9318 | 2019-08-20 | The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. |
| CVE-2019-15149 | 2019-08-18 | core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NO… |
| CVE-2016-10894 | 2019-08-16 | xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scroll… |
| CVE-2017-18480 | 2019-08-05 | cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). |
| CVE-2017-18477 | 2019-08-05 | In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). |
| CVE-2017-18476 | 2019-08-05 | Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). |
| CVE-2016-10772 | 2019-08-05 | cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). |
| CVE-2017-18467 | 2019-08-05 | cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). |
| CVE-2017-18462 | 2019-08-05 | cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). |
| CVE-2017-18445 | 2019-08-02 | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). |
| CVE-2017-18429 | 2019-08-02 | In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). |
| CVE-2017-8227 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the … |
| CVE-2017-11579 | 2019-07-02 | In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web… |
| CVE-2017-13718 | 2019-06-10 | The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as … |
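The devise-two-factor entry above (CVE-2021-43177) describes a one-time password that remains usable for one trailing time step after it has already been consumed. The Ruby block below is an added illustration of that bug class and of the fix, written for this page; it is not the gem's own code, and the flawed variant is constructed to reproduce the symptom, not a claim about the gem's actual defect. The secret is the RFC 4226/6238 test-vector string, and the clock values are fixed so the run is deterministic.

```ruby
require 'openssl'

TOTP_STEP   = 30   # seconds per time step (RFC 6238 default)
OTP_DIGITS  = 6
DRIFT_STEPS = 1    # accept codes from one step before or after "now"

# HOTP (RFC 4226) over a raw-byte shared secret, standard library only.
def hotp(secret, counter)
  msg    = [counter >> 32, counter & 0xFFFFFFFF].pack('NN')  # 8-byte big-endian counter
  hmac   = OpenSSL::HMAC.digest('sha1', secret, msg)
  offset = hmac.getbyte(-1) & 0x0F                           # dynamic truncation
  bin    = hmac.byteslice(offset, 4).unpack1('N') & 0x7FFFFFFF
  format("%0#{OTP_DIGITS}d", bin % (10**OTP_DIGITS))
end

# Constant-time comparison so a wrong guess costs the same as a near miss.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verifier that remembers the last time step whose code was consumed.
# record_matched_step: true  -> remember the step the code actually matched (correct)
#                      false -> remember the clock's current step (constructed flawed variant)
class OtpVerifier
  attr_reader :last_consumed_step

  def initialize(secret, record_matched_step:)
    @secret = secret
    @record_matched_step = record_matched_step
    @last_consumed_step = nil
  end

  # True if `code` is valid within the drift window and has not been consumed before.
  def verify(code, now)
    current = now / TOTP_STEP
    (-DRIFT_STEPS..DRIFT_STEPS).each do |d|
      step = current + d
      next unless secure_eq(hotp(@secret, step), code)
      # Replay guard: anything at or below the consumed high-water mark is rejected.
      return false if @last_consumed_step && step <= @last_consumed_step
      @last_consumed_step = @record_matched_step ? step : current
      return true
    end
    false
  end
end

# Demonstration with the RFC test-vector secret and fixed clock values (constructed, not real credentials).
def demo
  secret = '12345678901234567890'
  now    = 33 * TOTP_STEP     # clock at the start of step 33
  early  = hotp(secret, 34)   # a code for the *next* step, accepted now via drift

  flawed   = OtpVerifier.new(secret, record_matched_step: false)
  hardened = OtpVerifier.new(secret, record_matched_step: true)

  {
    flawed_first:    flawed.verify(early, now),               # accepted
    flawed_replay:   flawed.verify(early, now + TOTP_STEP),   # accepted again: reuse in the trailing interval
    hardened_first:  hardened.verify(early, now),             # accepted
    hardened_replay: hardened.verify(early, now + TOTP_STEP)  # rejected
  }
end

puts demo if $PROGRAM_NAME == __FILE__
```

The flawed verifier stores the clock's step (33) after accepting a code that matched step 34, so at the next tick the same code matches step 34 again and clears the replay check. Recording the matched step closes that window; the cost is that a code for the earlier step is then also rejected, which is the intended trade-off for a consume-once token.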
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Taxonomy_Mappings |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated Relationships |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Relationships |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Name, Relationships |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |