CVEbaza.plCWE DictionaryCWE-231
Common Weakness Enumeration

CWE-231

Improper Handling of Extra Values

Category: VariantCVE: 5
Description

The product does not handle or incorrectly handles when more values are provided than expected.

CVE vulnerabilities with CWE-231 (5)
7.7
CVSS
HIGH
CVE-2024-20268

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to insufficient input validation of SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device using IPv4 or IPv6. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects all versions of SNMP (versions 1, 2c, and 3) and requires a valid SNMP community string or valid SNMPv3 user credentials.

pub. 2024-10-23
7.5
CVSS
HIGH
CVE-2023-6841

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

pub. 2024-09-10
6.9
CVSS
MEDIUM
CVE-2026-22888

Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.

pub. 2026-02-02
5.3
CVSS
MEDIUM
CVE-2023-44386

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.

pub. 2023-10-05
4.9
CVSS
MEDIUM
CVE-2024-31397

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.

pub. 2024-06-11
Information
ID: CWE-231
Type: Variant
Vulnerabilities: 5
MITRE CWE ↗
← CWE Dictionary