Flaws of type CWE-642
16 results

CVE | Severity | Description | EPSS
CVE-2019-9496 | — | An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps | EPSS 5.2%
CVE-2026-29146 | HIGH | Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default | EPSS 3.6%
CVE-2018-15382 | — | Cisco HyperFlex Software Static Signing Key Vulnerability | EPSS 1.3%
CVE-2017-0928 | — | html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable | EPSS 1.0%
CVE-2020-27872 | HIGH | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 rout | EPSS 0.9%
CVE-2023-0575 | HIGH | Remote Code Execution | EPSS 0.8%
CVE-2022-32859 | MEDIUM | A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight se | EPSS 0.5%
CVE-2025-49090 | HIGH | The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution. | EPSS 0.4%
CVE-2024-8754 | MEDIUM | External Control of Critical State Data in GitLab | EPSS 0.4%
CVE-2024-58265 | LOW | The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery | EPSS 0.4%
CVE-2020-26186 | MEDIUM | Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to | EPSS 0.4%
CVE-2024-22387 | MEDIUM | External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticate | EPSS 0.3%
CVE-2020-1976 | MEDIUM | GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability. | EPSS 0.3%
CVE-2022-22154 | MEDIUM | Junos Fusion: A Satellite Device can be controlled by rewiring it to a foreign AD causing a DoS | EPSS 0.2%
CVE-2025-54566 | MEDIUM | hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. | EPSS 0.2%
CVE-2025-26787 | MEDIUM | An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to co | EPSS 0.1%