VYPR

CWE-697

Incorrect Comparison

Pillar · Incomplete

Description

The product compares two entities in a security-relevant context, but the comparison is incorrect.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-120 · CAPEC-14 · CAPEC-15 · CAPEC-182 · CAPEC-24 · CAPEC-267 · CAPEC-3 · CAPEC-41 · CAPEC-43 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-88 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (70)

page 3 of 4
  • CVE-2023-36829 · Jul 6, 2023
    risk 0.00 · cvss · epss 0.01

    Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the…

  • CVE-2023-28936 · May 12, 2023
    risk 0.00 · cvss · epss 0.01

    Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

  • CVE-2023-25666 · Mar 24, 2023
    risk 0.00 · cvss · epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

  • CVE-2023-25669 · Mar 24, 2023
    risk 0.00 · cvss · epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version…

  • CVE-2023-25673 · Mar 24, 2023
    risk 0.00 · cvss · epss 0.00

    TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

  • CVE-2023-25675 · Mar 24, 2023
    risk 0.00 · cvss · epss 0.00

    TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in…

  • CVE-2023-27579 · Mar 24, 2023
    risk 0.00 · cvss · epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a parameter `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow…

  • CVE-2022-23554 · Dec 28, 2022
    risk 0.00 · cvss · epss 0.01

    Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as…

  • CVE-2021-43309 · Aug 24, 2022
    risk 0.00 · cvss · epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method

  • CVE-2022-1930 · Aug 22, 2022
    risk 0.00 · cvss · epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method

  • CVE-2022-38179 · Aug 12, 2022
    risk 0.00 · cvss · epss 0.00

    JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

  • CVE-2021-41500 · Dec 17, 2021
    risk 0.00 · cvss · epss 0.01

    Incomplete string comparison vulnerability exists in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.

  • CVE-2021-34141 · Dec 17, 2021
    risk 0.00 · cvss · epss 0.02

    An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

  • CVE-2021-42836 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.02

    GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

  • CVE-2021-3828 · Sep 27, 2021
    risk 0.00 · cvss · epss 0.02

    nltk is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3822 · Sep 27, 2021
    risk 0.00 · cvss · epss 0.01

    jsoneditor is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2020-23478 · Sep 22, 2021
    risk 0.00 · cvss · epss 0.01

    Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.

  • CVE-2021-3807 · Sep 17, 2021
    risk 0.00 · cvss · epss 0.03

    ansi-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3794 · Sep 15, 2021
    risk 0.00 · cvss · epss 0.01

    vuelidate is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-27293 · Jul 12, 2021
    risk 0.00 · cvss · epss 0.02

    RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an…