CWE-641 15 CVEs MITRE definition ↗

CWE-641: Improper Restriction of Names for Files and Other Resources

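Overview

CWE-641 (Improper Restriction of Names for Files and Other Resources) describes a weakness type used in vulnerability databases and security assessments; the definition, background and corresponding CVEs are given in the sections below.

Security impact
Varies by product and context; prioritize using the CVE records, severity scores and MITRE's description together.

Description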

The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

Applicable platforms

Type Name Prevalence OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

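Related CVEs in this database

The following CVEs are mapped to this weakness in this database and are retained for traceability and search.

CVE Published Summary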
CVE-2026-50023 2026-06-23 yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .webl…
CVE-2026-27140 2026-04-07 SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.
CVE-2019-25623 2026-03-23 Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create …
CVE-2026-25177 2026-03-10 Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-47953 2025-06-10 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47173 2025-06-10 Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2024-47260 2025-03-04 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips than designed resulting…
CVE-2025-21402 2025-01-14 Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21361 2025-01-14 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-45312 2024-09-02 Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary lang…
CVE-2024-30063 2024-06-11 Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-0046 2023-01-04 Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.
CVE-2022-23536 2022-12-19 Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read lo…
CVE-2022-36302 2022-08-01 File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.
CVE-2021-41146 2021-10-21 qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certa…

Previous names

  • Insufficient Filtering of File and Other Resource Names for Executable Content (2010-06-21)

Content submission

Name
Evgeny Lebanidze
Organization
Cigital
Date
2008-01-30
Version
Draft 8

Content modifications

Date Name Version Importance Comment
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships
2008-10-14 CWE Content Team 1.0.1 updated Description
2009-10-29 CWE Content Team 1.6 updated Common_Consequences
2010-06-21 CWE Content Team 1.9 updated Description, Name, Type
2010-12-13 CWE Content Team 1.11 updated Common_Consequences
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Observed_Examples, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-05-03 CWE Content Team 2.11 updated Potential_Mitigations
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations, Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities