CVEbaza.plSłownik CWECWE-672
Common Weakness Enumeration

CWE-672

Operation on a Resource after Expiration or Release

Kategoria: ClassCVE: 93
Opis

Produkt używa, uzyskuje dostęp lub w inny sposób operuje na zasobie po tym, gdy zasób wygasł, został zwolniony lub unieważniony. Powoduje to potencjalne błędy bezpieczeństwa i niestabilność aplikacji.

Description (EN)

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Podatności CVE z CWE-672 (93)
10.0
CVSS
CRITICAL
CVE-2023-41094

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected

pub. 2023-10-04
9.8
CVSS
CRITICAL
CVE-2020-24030

ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expired, invalidated, and bound to session context. Attempts to alter the token payload to extend its validity do not affect server-side validation."

pub. 2020-09-02
9.8
CVSS
CRITICAL
CVE-2020-12043

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted.

pub. 2020-06-29
9.4
CVSS
CRITICAL
CVE-2019-17638

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).

pub. 2020-07-09
9.2
CVSS
CRITICAL
CVE-2026-43585

OpenClaw przed wersją 2026.4.15 zapamiętuje konfigurację uwierzytelniania bearer przy starcie aplikacji, przez co unieważnione tokeny pozostają ważne po rotacji SecretRef. Jest to podatność krytyczna, ponieważ atakujący może uzyskać nieautoryzowany dostęp do gateway bez posiadania aktualnych poświadczeń.

pub. 2026-05-06
9.1
CVSS
CRITICAL
CVE-2026-33278

NLnet Labs Unbound w wersjach od 1.19.1 do 1.25.0 zawiera błąd w validatorze DNSSEC, który może prowadzić do odmowy usługi (DoS) lub zdalnego wykonania kodu (RCE). Podatność jest wyzwalana przez złośliwą, podpisaną strefę DNS i nie wymaga żadnego uwierzytelnienia ani interakcji użytkownika.

pub. 2026-05-20
9.1
CVSS
CRITICAL
CVE-2013-10075

Biblioteka Apache::Session w wersjach do 1.94 dla Perl umożliwia odtworzenie sesji, które zostały wcześniej usunięte. Stanowi to poważne zagrożenie bezpieczeństwa, ponieważ dane uznane za skasowane mogą zostać ponownie udostępnione.

pub. 2026-05-08
8.8
CVSS
HIGH
CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.

pub. 2022-12-22
8.8
CVSS
HIGH
CVE-2021-23995

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

pub. 2021-06-24
8.7
CVSS
HIGH
CVE-2025-55669

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

pub. 2025-10-15
8.7
CVSS
HIGH
CVE-2024-39792

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

pub. 2024-08-14
8.2
CVSS
HIGH
CVE-2026-2379

On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.

pub. 2026-06-05
8.2
CVSS
HIGH
CVE-2026-31875

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recovery code to be used an unlimited number of times. This defeats the single-use design of recovery codes and weakens the security of MFA-protected accounts. An attacker who obtains a single recovery code can repeatedly authenticate as the affected user without the code ever being invalidated. This vulnerability is fixed in 9.6.0-alpha.7 and 8.6.33.

pub. 2026-03-11
8.2
CVSS
HIGH
CVE-2021-33020

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

pub. 2022-04-01
8.1
CVSS
HIGH
CVE-2024-47571

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials.

pub. 2025-01-14
7.8
CVSS
HIGH
CVE-2026-30978

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.

pub. 2026-03-10
7.8
CVSS
HIGH
CVE-2026-23111

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required. nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. It should skip elements that are already active (they don't need re-activation) and process elements that are inactive (they need to be restored). Instead, the current code does the opposite: it skips inactive elements and processes active ones. Compare the non-catchall activate callback, which is correct: nft_mapelem_activate(): if (nft_set_elem_active(ext, iter->genmask)) return 0; /* skip active, process inactive */ With the buggy catchall version: nft_map_catchall_activate(): if (!nft_set_elem_active(ext, genmask)) continue; /* skip inactive, process active */ The consequence is that when a DELSET operation is aborted, nft_setelem_data_activate() is never called for the catchall element. For NFT_GOTO verdict elements, this means nft_data_hold() is never called to restore the chain->use reference count. Each abort cycle permanently decrements chain->use. Once chain->use reaches zero, DELCHAIN succeeds and frees the chain while catchall verdict elements still reference it, resulting in a use-after-free. This is exploitable for local privilege escalation from an unprivileged user via user namespaces + nftables on distributions that enable CONFIG_USER_NS and CONFIG_NF_TABLES. Fix by removing the negation so the check matches nft_mapelem_activate(): skip active elements, process inactive ones.

pub. 2026-02-13
7.8
CVSS
HIGH
CVE-2023-34326

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

pub. 2024-01-05
7.8
CVSS
HIGH
CVE-2020-25221

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.

pub. 2020-09-10
7.8
CVSS
HIGH
CVE-2017-14895

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.

pub. 2017-12-05
Pokazano 20 z 93 podatności
Informacje
ID: CWE-672
Typ: Class
Podatności: 93
MITRE CWE ↗
← Słownik CWE
CWE-672 — Operacja na zasobie po jego wygaśnięciu lub zwolnieniu | Słownik CWE | CVEbaza.pl