CVEbaza.plSłownik CWECWE-454
Common Weakness Enumeration

CWE-454

External Initialization of Trusted Variables or Data Stores

Kategoria: BaseCVE: 3
Opis

Produkt inicjalizuje krytyczne zmienne wewnętrzne lub magazyny danych przy użyciu danych wejściowych, które mogą być modyfikowane przez niezaufane podmioty. Może to prowadzić do kompromitacji integralności i bezpieczeństwa systemu.

Description (EN)

The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.

Podatności CVE z CWE-454 (3)
8.1
CVSS
HIGH
CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

pub. 2026-03-10
7.4
CVSS
HIGH
CVE-2025-36244

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

pub. 2025-09-16
6.3
CVSS
MEDIUM
CVE-2026-48980

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or remote, and a PAM module that runs in the context of setuid binaries (sudo, su), getenv() returns attacker-controlled values whenever the process environment has been manipulated by a local user. This issue has been fixed in version 0.9.2.

pub. 2026-06-18
Informacje
ID: CWE-454
Typ: Base
Podatności: 3
MITRE CWE ↗
← Słownik CWE