CVEbaza.plSłownik CWECWE-783
Common Weakness Enumeration

CWE-783

Operator Precedence Logic Error

Kategoria: BaseCVE: 20
Opis

Produkt używa wyrażenia, w którym pierwszeństwo operatorów powoduje zastosowanie niepoprawnej logiki. Błąd wynika z nieprawidłowego porządku wykonywania operacji arytmetycznych lub logicznych.

Description (EN)

The product uses an expression in which operator precedence causes incorrect logic to be used.

Podatności CVE z CWE-783 (20)
10.0
CVSS
CRITICAL
CVE-2017-13322

Podatność w metodzie endCallForSubscriber w pliku PhoneInterfaceManager.java systemu Android umożliwia lokalne zablokowanie dostępu do usług alarmowych (numery ratunkowe). Ze względu na możliwość uniemożliwienia kontaktu ze służbami ratunkowymi w sytuacji zagrożenia, podatność jest oceniana jako krytyczna.

pub. 2025-01-17
8.6
CVSS
HIGH
CVE-2024-20480

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.

pub. 2024-09-25
8.6
CVSS
HIGH
CVE-2024-20314

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition.

pub. 2024-03-27
7.8
CVSS
HIGH
CVE-2026-7270

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges.

pub. 2026-04-30
7.8
CVSS
HIGH
CVE-2024-44093

In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-09-13
7.8
CVSS
HIGH
CVE-2024-34741

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-08-15
7.8
CVSS
HIGH
CVE-2024-31326

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-07-09
7.8
CVSS
HIGH
CVE-2024-31335

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-07-09
7.8
CVSS
HIGH
CVE-2024-34720

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-07-09
7.8
CVSS
HIGH
CVE-2024-34723

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-07-09
7.8
CVSS
HIGH
CVE-2024-34726

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2024-07-09
7.8
CVSS
HIGH
CVE-2024-32896

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

pub. 2024-06-13🚩 CISA KEV⚡ EXPLOIT
7.8
CVSS
HIGH
CVE-2022-20477

In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867

pub. 2022-12-13
7.3
CVSS
HIGH
CVE-2024-31331

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

pub. 2024-07-09
7.1
CVSS
HIGH
CVE-2026-25233

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0.

pub. 2026-02-03
6.9
CVSS
MEDIUM
CVE-2026-0209

Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.

pub. 2026-04-14
5.5
CVSS
MEDIUM
CVE-2025-24210

A logic error was addressed with improved error handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Parsing an image may lead to disclosure of user information.

pub. 2025-03-31
5.5
CVSS
MEDIUM
CVE-2024-49736

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2025-01-21
5.5
CVSS
MEDIUM
CVE-2024-27886

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.

pub. 2024-07-29
2.1
CVSS
LOW
CVE-2025-27512

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the `zincati` system user to use the actions `org.projectatomic.rpmostree1.deploy` to deploy updates to the system and `org.projectatomic.rpmostree1.finalize-deployment` to reboot the system into the deployed update. Since Zincati v0.0.24, this polkit rule contains a logic error which broadens access of those polkit actions to any unprivileged user rather than just the `zincati` system user. In practice, this means that any unprivileged user with access to the system D-Bus socket is able to deploy older Fedora CoreOS versions (which may have other known vulnerabilities). Note that rpm-ostree enforces that the selected version must be from the same branch the system is currently on so this cannot directly be used to deploy an attacker-controlled update payload. This primarily impacts users running untrusted workloads with access to the system D-Bus socket. Note that in general, untrusted workloads should not be given this access, whether containerized or not. By default, containers do not have access to the system D-Bus socket. The logic error is fixed in Zincati v0.0.30. A workaround is to manually add a following polkit rule, instructions for which are available in the GitHub Security Advisory.

pub. 2025-03-17
Informacje
ID: CWE-783
Typ: Base
Podatności: 20
MITRE CWE ↗
← Słownik CWE