CWE-254
54 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-254page 2 of 2
- CVE-2019-15149CRITICALCVSS 9.8EG 9.82019-08-18
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue beca…
- CVE-2019-5495HIGHCVSS 7.5EG 7.52019-05-10
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
- CVE-2021-40006MEDIUMCVSS 4.6EG 4.62022-01-10
Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2021-43177MEDIUMCVSS 5.3EG 5.32022-04-11
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR…
Map vulnerabilities like CWE-254 to your infrastructure
EchelonGraph correlates every CVE — across CWE-254 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →