CWE-480
Use of Incorrect Operator
Description
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
Hierarchy (View 1000)
CVEs mapped to this weakness (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4748 | Hig | 0.49 | 7.5 | 0.00 | Apr 1, 2026 | A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed… | ||
| CVE-2026-44722 | 0.00 | — | 0.00 | May 14, 2026 | ### Impact A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is… | |||
| CVE-2021-3116 | — | 0.00 | — | 0.02 | Jan 11, 2021 | before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or). |
- risk 0.49cvss 7.5epss 0.00
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed…
- CVE-2026-44722May 14, 2026risk 0.00cvss —epss 0.00
### Impact A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is…
- CVE-2021-3116Jan 11, 2021risk 0.00cvss —epss 0.02
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).