CVEbaza.plSłownik CWECWE-628
Common Weakness Enumeration

CWE-628

Function Call with Incorrectly Specified Arguments

Kategoria: BaseCVE: 6
Opis

Produkt wywołuje funkcję, procedurę lub rutynę z argumentami, które nie zostały poprawnie określone, co prowadzi do zawsze nieprawidłowego zachowania i wynikających z tego słabości. Błąd polega na przekazaniu argumentów o niewłaściwych wartościach, typach lub kolejności.

Description (EN)

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

Podatności CVE z CWE-628 (6)
7.9
CVSS
HIGH
CVE-2026-43133

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state") made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed updating the VMLOAD/VMSAVE emulation code to always use vmcb01. As a result, if VMSAVE/VMLOAD is executed by an L2 guest and is not intercepted by L1, KVM will mistakenly use vmcb02. Always use vmcb01 instead of the current VMCB.

pub. 2026-05-06
7.8
CVSS
HIGH
CVE-2026-25634

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4.

pub. 2026-02-06
7.5
CVSS
HIGH
CVE-2019-14844

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

pub. 2019-09-26
7.5
CVSS
HIGH
CVE-2019-7303

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.

pub. 2019-04-23
6.1
CVSS
MEDIUM
CVE-2026-21503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.

pub. 2026-01-07
4.3
CVSS
MEDIUM
CVE-2025-0325

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

pub. 2025-06-02
Informacje
ID: CWE-628
Typ: Base
Podatności: 6
MITRE CWE ↗
← Słownik CWE
CWE-628 — Wywołanie funkcji z niepoprawnie określonymi argumentami | Słownik CWE | CVEbaza.pl