CWE-241 33 個 CVE MITRE 定義 ↗

CWE-241:Improper Handling of Unexpected Data Type

概覽

CWE-241(Improper Handling of Unexpected Data Type)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-47110 2026-06-24 Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set …
CVE-2025-63548 2026-05-01 An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
CVE-2025-66550 2025-12-05 Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the s…
CVE-2024-21935 2025-09-23 Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially …
CVE-2024-21927 2025-09-23 Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service process…
CVE-2025-7339 2025-07-17 on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is p…
CVE-2025-2268 2025-03-14 The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).
CVE-2025-1004 2025-02-06 Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol).
CVE-2024-9423 2024-10-02 Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, pot…
CVE-2024-21526 2024-07-10 All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert …
CVE-2024-21523 2024-07-10 All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, le…
CVE-2024-37316 2024-06-14 Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommende…
CVE-2024-25966 2024-05-14 Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability…
CVE-2024-32268 2024-04-29 An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.
CVE-2024-0151 2024-04-24 Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensio…
CVE-2023-30591 2023-09-29 Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via cr…
CVE-2023-5215 2023-09-28 A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unin…
CVE-2023-28961 2023-04-17 An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from …
CVE-2022-22219 2022-10-17 Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a…
CVE-2022-39065 2022-10-14 A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The m…

曾用名

  • Wrong Data Type (2008-04-11)
  • Failure to Handle Wrong Data Type (2009-03-10)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Description, Name
2009-07-27 CWE Content Team 1.5 updated Potential_Mitigations
2009-10-29 CWE Content Team 1.6 updated Description
2011-03-29 CWE Content Team 1.12 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Potential_Mitigations, Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
cvelogic Threat Intelligence