CWE-249 6 個 CVE MITRE 定義 ↗

CWE-249:Often Misused: Path Manipulation(已棄用)

概覽

CWE-249 在 CWE 架構中為已棄用分類,仍保留於目錄中供歷史層級與 CVE 追溯。

安全影響
安全影響:對現行利用而言為低 / 無(目錄條目已棄用)。
歷史說明
歷史說明:MITRE 會不定期調整 CWE 樹;威脅建模請優先使用當前未棄用的弱點條目。

描述

This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2023-35003 2024-02-14 Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33878 2023-11-14 Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege vi…
CVE-2023-32655 2023-11-14 Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated use…
CVE-2023-32278 2023-11-14 Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC…
CVE-2022-27229 2023-11-14 Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of p…
CVE-2019-3932 2019-04-30 Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use th…

曾用名

  • Often Misused: Path Manipulation (2009-07-27)

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Demonstrative_Examples
2009-07-17 KDM Analytics 1.5 Critical Described inconsistencies in this entry, which the CWE Content Team had already slated for deprecation.
2009-07-27 CWE Content Team 1.5 updated Affected_Resources, Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type, White_Box_Definitions
2009-10-29 CWE Content Team 1.6 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Description, Maintenance_Notes
2022-10-13 CWE Content Team 4.9 updated Description
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
cvelogic Threat Intelligence