CWE-697
Incorrect Comparison
Description
The product compares two entities in a security-relevant context, but the comparison is incorrect.
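Two of the instances listed on this page show the pattern in ordinary web code: a CORS check that tests whether the `Origin` request header ends with an expected string (CVE-2023-36829) and an authentication filter that decides from the request URI whether the swagger endpoint is being accessed (CVE-2022-23554). The Python below is an added example written for this page, not Sentry's or Alpine's code; the allowlist, the public path and the sample origins and URIs are constructed, and the exact strings the real checks compared are not reproduced here. Each weak comparison is placed beside a hardened one that compares the whole canonical value instead of a fragment of the raw input.

```python
"""CWE-697 in two web-facing checks: a weak comparison beside a hardened one.

Added example for this page; not Sentry's or Alpine's code.  The allowlist,
public path and sample requests are constructed for illustration."""
from urllib.parse import urlsplit
import posixpath

# Constructed allowlist of exact origins (scheme + host, port only when non-default).
ALLOWED_ORIGINS = frozenset({"https://app.example.com", "https://example.com:8443"})

# Constructed path that is meant to be reachable without authentication.
PUBLIC_PATHS = ("/api/swagger",)


def origin_allowed_suffix(origin: str) -> bool:
    """Weak form: a suffix test on the raw Origin header value.

    Any origin whose text merely ends in 'example.com' passes, including an
    attacker-registered 'https://evil-example.com'.  Answering such an origin
    with Access-Control-Allow-Credentials: true lets its scripts read
    authenticated responses."""
    return origin.endswith("example.com")


def origin_allowed_exact(origin: str) -> bool:
    """Hardened form: parse the header, rebuild scheme://host[:port] and
    compare that whole value against the allowlist."""
    try:
        parts = urlsplit(origin)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.path or parts.query or parts.fragment or parts.username:
        return False                 # a real Origin carries none of these
    if port == 443:
        port = None                  # default port is the same origin as no port
    canonical = f"https://{parts.hostname.lower()}"
    if port is not None:
        canonical += f":{port}"
    return canonical in ALLOWED_ORIGINS


def is_public_path_substring(request_uri: str) -> bool:
    """Weak form: a substring test on the raw request URI.

    A protected resource requested as '/api/v1/admin?x=swagger' or
    '/api/swagger/../v1/admin' contains the token and is treated as public,
    while the router still dispatches to the protected handler."""
    return "swagger" in request_uri


def is_public_path_normalized(request_uri: str) -> bool:
    """Hardened form: drop query and fragment, resolve dot segments and
    compare whole path segments, so the filter sees the same path the
    router dispatches on."""
    path = posixpath.normpath(urlsplit(request_uri).path)
    if not path.startswith("/"):
        return False
    segments = path.split("/")
    for public in PUBLIC_PATHS:
        public_segments = public.split("/")
        if segments[: len(public_segments)] == public_segments:
            return True
    return False


if __name__ == "__main__":
    for origin in ("https://app.example.com", "https://evil-example.com"):
        print(origin, origin_allowed_suffix(origin), origin_allowed_exact(origin))
    for uri in ("/api/swagger/index.html", "/api/swagger/../v1/admin"):
        print(uri, is_public_path_substring(uri), is_public_path_normalized(uri))
```

The hardened forms share one rule: reduce the input to the representation the rest of the system acts on (an origin tuple, a normalized path) and compare that whole value, never a suffix or substring of the raw header. The path check deliberately does not percent-decode, so an encoded dot segment is treated as an ordinary, non-public segment and denied; in a real filter the decoding and normalization must match what the router does, or the two will disagree on which resource a request names.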
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-120 · CAPEC-14 · CAPEC-15 · CAPEC-182 · CAPEC-24 · CAPEC-267 · CAPEC-3 · CAPEC-41 · CAPEC-43 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-88 · CAPEC-9 · CAPEC-92
CVEs mapped to this weakness (70)
Page 3 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36829 | | | 0.00 | — | 0.01 | | Jul 6, 2023 | Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the… |
| CVE-2023-28936 | | | 0.00 | — | 0.01 | | May 12, 2023 | Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 |
| CVE-2023-25666 | | | 0.00 | — | 0.00 | | Mar 24, 2023 | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25669 | | | 0.00 | — | 0.00 | | Mar 24, 2023 | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version… |
| CVE-2023-25673 | | | 0.00 | — | 0.00 | | Mar 24, 2023 | TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25675 | | | 0.00 | — | 0.00 | | Mar 24, 2023 | TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in… |
| CVE-2023-27579 | | | 0.00 | — | 0.00 | | Mar 24, 2023 | TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a parameter `filter_input_channel` of less than 1 gives an FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow… |
| CVE-2022-23554 | | | 0.00 | — | 0.01 | | Dec 28, 2022 | Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as… |
| CVE-2021-43309 | | — | 0.00 | — | 0.01 | | Aug 24, 2022 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method |
| CVE-2022-1930 | | — | 0.00 | — | 0.01 | | Aug 22, 2022 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method |
| CVE-2022-38179 | | | 0.00 | — | 0.00 | | Aug 12, 2022 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack |
| CVE-2021-41500 | | — | 0.00 | — | 0.01 | | Dec 17, 2021 | Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects. |
| CVE-2021-34141 | | — | 0.00 | — | 0.02 | | Dec 17, 2021 | An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." |
| CVE-2021-42836 | | — | 0.00 | — | 0.02 | | Oct 22, 2021 | GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. |
| CVE-2021-3828 | | | 0.00 | — | 0.02 | | Sep 27, 2021 | nltk is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3822 | | | 0.00 | — | 0.01 | | Sep 27, 2021 | jsoneditor is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2020-23478 | | — | 0.00 | — | 0.01 | | Sep 22, 2021 | Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. |
| CVE-2021-3807 | | — | 0.00 | — | 0.03 | | Sep 17, 2021 | ansi-regex is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3794 | | | 0.00 | — | 0.01 | | Sep 15, 2021 | vuelidate is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-27293 | | — | 0.00 | — | 0.02 | | Jul 12, 2021 | RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an… |