CWE-696

Incorrect Behavior Order

Class | Incomplete

Description

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-463

CVEs mapped to this weakness (30)

page 2 of 2
  • CVE-2026-44919 | Med | May 14, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.

  • CVE-2026-41254 | Med | Apr 18, 2026
    risk 0.19 | cvss 4.0 | epss 0.00

    Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

  • CVE-2026-49318 | Low | May 29, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during…

  • CVE-2026-49317 | Low | May 29, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during…

  • CVE-2023-29483 | Apr 11, 2024
    risk 0.00 | cvss - | epss 0.02

    eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the…

  • CVE-2023-6394 | Dec 9, 2023
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access…

  • CVE-2021-22569 | Jan 7, 2022
    risk 0.00 | cvss - | epss 0.02

    An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause…

  • CVE-2021-29446 | Apr 16, 2021
    risk 0.00 | cvss - | epss 0.01

    jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if…

  • CVE-2021-29445 | Apr 16, 2021
    risk 0.00 | cvss - | epss 0.01

    jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if…

  • CVE-2021-29443 | Apr 16, 2021
    risk 0.00 | cvss - | epss 0.01

    jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed…