CWE-697

Incorrect Comparison

Pillar · Incomplete

Description

The product compares two entities in a security-relevant context, but the comparison is incorrect.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-120 · CAPEC-14 · CAPEC-15 · CAPEC-182 · CAPEC-24 · CAPEC-267 · CAPEC-3 · CAPEC-41 · CAPEC-43 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-88 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (70)

page 4 of 4
  • CVE-2020-1920 · Jun 1, 2021
    risk 0.00 · cvss · epss 0.01

    A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

  • CVE-2020-23355 · Jan 27, 2021
    risk 0.00 · cvss · epss 0.01

    ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable to a magic hash authentication bypass. If the encrypted or hash values for the passwords form certain formats of magic hash, e.g., 0e123, another hash value 0e234…

  • CVE-2021-3116 · Jan 11, 2021
    risk 0.00 · cvss · epss 0.02

    before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).

  • CVE-2019-25002 · Dec 31, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.

  • CVE-2020-15130 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.01

    In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without…

  • CVE-2020-15131 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.01

    In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token…

  • CVE-2020-13485 · May 25, 2020
    risk 0.00 · cvss · epss 0.01

    The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

  • CVE-2020-11072 · May 12, 2020
    risk 0.00 · cvss · epss 0.01

    In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a…

  • CVE-2020-11071 · May 12, 2020
    risk 0.00 · cvss · epss 0.01

    SLPJS (npm package slpjs) before version 0.27.2 has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction…

  • CVE-2011-3903 · Dec 13, 2011
    risk 0.00 · cvss · epss 0.01

    Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.