CWE-453 18 個 CVE MITRE 定義 ↗

CWE-453:Insecure Default Variable Initialization

概覽

CWE-453(Insecure Default Variable Initialization)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product, by default, initializes an internal variable with an insecure or less secure value than is possible.

適用平台

類型 名稱 普遍性 OS / CPE
language PHP Sometimes
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-0082 2026-06-17 In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege wit…
CVE-2026-41330 2026-04-20 OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass secu…
CVE-2025-61926 2025-10-09 Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-…
CVE-2025-48563 2025-09-04 In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional executi…
CVE-2025-47945 2025-05-17 Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. Whil…
CVE-2025-30206 2025-04-15 Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers t…
CVE-2024-49120 2024-12-11 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-41255 2024-07-31 filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.
CVE-2024-39916 2024-07-12 FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attac…
CVE-2024-21411 2024-03-12 Skype for Consumer Remote Code Execution Vulnerability
CVE-2023-27516 2023-10-12 An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An…
CVE-2022-47197 2023-01-19 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript…
CVE-2022-47196 2023-01-19 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript…
CVE-2022-47195 2023-01-19 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript…
CVE-2022-47194 2023-01-19 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript…
CVE-2022-46831 2022-12-08 In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to …
CVE-2022-3262 2022-12-08 A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with …
CVE-2021-27426 2022-03-23 GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
2010-06-21 CWE Content Team 1.9 updated Maintenance_Notes, Other_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Demonstrative_Examples, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2019-06-20 CWE Content Team 3.3 updated Relationships, Type
2020-02-24 CWE Content Team 4.0 updated Relationships, Time_of_Introduction
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples, Observed_Examples
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence