CVEbaza.plSłownik CWECWE-839
Common Weakness Enumeration

CWE-839

Numeric Range Comparison Without Minimum Check

Kategoria: BaseCVE: 6
Opis

Produkt sprawdza wartość, aby upewnić się, że jest mniejsza lub równa maksimum, ale nie weryfikuje również, czy wartość jest większa lub równa minimum. To może prowadzić do przyjęcia nieprawidłowych wartości spoza zamierzonego zakresu.

Description (EN)

The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.

Podatności CVE z CWE-839 (6)
9.8
CVSS
CRITICAL
CVE-2026-53176

Podatność w sterowniku iSER jądra Linux (IB/isert) umożliwia zdalnemu atakującemu bez uwierzytelnienia wywołanie awarii systemu docelowego poprzez przesłanie zbyt krótkiego pakietu PDU fazy logowania. Podatność jest krytyczna, ponieważ faza logowania poprzedza uwierzytelnianie iSCSI, co oznacza brak jakiegokolwiek progu wejścia dla atakującego.

pub. 2026-06-25
8.6
CVSS
HIGH
CVE-2023-0425

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible.  Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F:  from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;  Freelance controllers AC 900F:  Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

pub. 2023-08-07
7.5
CVSS
HIGH
CVE-2023-22854

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

pub. 2023-02-13
7.5
CVSS
HIGH
CVE-2019-20925

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.

pub. 2020-11-24
5.3
CVSS
MEDIUM
CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

pub. 2026-05-30
3.7
CVSS
LOW
CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

pub. 2026-06-23
Informacje
ID: CWE-839
Typ: Base
Podatności: 6
MITRE CWE ↗
← Słownik CWE