CVEbaza.plSłownik CWECWE-792
Common Weakness Enumeration

CWE-792

Incomplete Filtering of One or More Instances of Special Elements

Kategoria: VariantCVE: 5
Opis

Produkt otrzymuje dane z komponentu nadrzędnego, ale nie filtruje całkowicie jednego lub więcej przypadków specjalnych elementów przed wysłaniem ich do komponentu podrzędnego. Może to prowadzić do luk w bezpieczeństwie, gdy niezfiltrowane specjalne elementy są przetwarzane przez komponenty docelowe.

Description (EN)

The product receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.

Podatności CVE z CWE-792 (5)
7.7
CVSS
HIGH
CVE-2025-12758

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.

pub. 2025-11-27
7.7
CVSS
HIGH
CVE-2025-47779

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

pub. 2025-05-22
5.5
CVSS
MEDIUM
CVE-2023-25608

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.

pub. 2023-09-13
5.5
CVSS
MEDIUM
CVE-2022-22297

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

pub. 2023-03-07
CVSS
NONE
CVE-2023-20057

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

pub. 2023-01-20
Informacje
ID: CWE-792
Typ: Variant
Podatności: 5
MITRE CWE ↗
← Słownik CWE
CWE-792 — Niekompletne filtrowanie jednego lub więcej przypadków specjalnych elementów | Słownik CWE | CVEbaza.pl