CVEbaza.plSłownik CWECWE-230
Common Weakness Enumeration

CWE-230

Improper Handling of Missing Values

Kategoria: VariantCVE: 12
Opis

Produkt nie obsługuje lub nieprawidłowo obsługuje sytuację, gdy parametr, pole lub nazwa argumentu są określone, ale powiązana wartość jest pusta, pominięta lub równa null. Może to prowadzić do nieoczekiwanego zachowania aplikacji lub luk w bezpieczeństwie.

Description (EN)

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

Podatności CVE z CWE-230 (12)
9.8
CVSS
CRITICAL
CVE-2024-11024

Wtyczka AppPresser – Mobile App Framework dla WordPress w wersjach do 4.4.6 włącznie zawiera krytyczną podatność umożliwiającą przejęcie konta dowolnego użytkownika bez uwierzytelnienia. Błąd pozwala atakującemu na pełne przejęcie kontroli nad kontem, w tym kont administratorskich, co zagraża całej instalacji WordPress.

pub. 2024-11-26
9.8
CVSS
CRITICAL
CVE-2024-10508

Wtyczka RegistrationMagic dla WordPress nie weryfikuje prawidłowo tokenu resetowania hasła, co umożliwia nieuwierzytelnionym atakującym przejęcie dowolnego konta użytkownika, w tym kont administratorów. Podatność otrzymała ocenę CVSS 9.8 (CRITICAL), co czyni ją ekstremalnie niebezpieczną dla każdej witryny WordPress korzystającej z tej wtyczki.

pub. 2024-11-09
8.6
CVSS
HIGH
CVE-2026-20086

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.

pub. 2026-03-25
7.8
CVSS
HIGH
CVE-2024-9781

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

pub. 2024-10-10
7.8
CVSS
HIGH
CVE-2024-0048

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-03-11
7.8
CVSS
HIGH
CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

pub. 2024-01-03
7.1
CVSS
HIGH
CVE-2026-25658

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

pub. 2026-06-05
7.1
CVSS
HIGH
CVE-2026-25659

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

pub. 2026-06-05
6.5
CVSS
MEDIUM
CVE-2026-1461

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured, which is empty by default. This makes it possible for unauthenticated attackers to forge Stripe webhook events to manipulate membership subscriptions, including reactivating expired memberships without payment or canceling legitimate subscriptions, potentially leading to unauthorized access and service disruption.

pub. 2026-02-19
6.5
CVSS
MEDIUM
CVE-2025-23225

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.

pub. 2025-02-28
6.5
CVSS
MEDIUM
CVE-2024-6237

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

pub. 2024-07-09
6.5
CVSS
MEDIUM
CVE-2023-1697

An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.

pub. 2023-04-17
Informacje
ID: CWE-230
Typ: Variant
Podatności: 12
MITRE CWE ↗
← Słownik CWE