CWE-480 7 個 CVE MITRE 定義 ↗

CWE-480:Use of Incorrect Operator

概覽

CWE-480(Use of Incorrect Operator)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

適用平台

類型 名稱 普遍性 OS / CPE
language C Sometimes
language C++ Sometimes
language Perl Sometimes
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-15043 2026-07-14 DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some c…
CVE-2026-48497 2026-06-26 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution c…
CVE-2026-43114 2026-05-06 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching func…
CVE-2026-4748 2026-04-01 A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicat…
CVE-2025-52985 2025-07-11 A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When …
CVE-2024-35190 2024-05-17 Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulner…
CVE-2022-1947 2022-05-31 Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.

曾用名

  • Using the Wrong Operator (2008-04-11)

內容提交

名稱
CLASP
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Relationships
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, References, Relationships, Taxonomy_Mappings
2012-10-30 CWE Content Team 2.3 updated Demonstrative_Examples, Potential_Mitigations
2014-06-23 CWE Content Team 2.7 updated Applicable_Platforms, Description, Detection_Factors, Other_Notes
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships
2020-02-24 CWE Content Team 4.0 updated References, Relationships, Taxonomy_Mappings
2020-08-20 CWE Content Team 4.2 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples, Relationships
2023-01-31 CWE Content Team 4.10 updated Description, Observed_Examples
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2024-02-29 CWE Content Team 4.14 updated Demonstrative_Examples, References
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities

貢獻

類型 名稱 日期 評論
Content Chen Chen, Rahul Kande, Jeyavijayan Rajendran 2023-11-07 suggested demonstrative example
Content Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi 2023-11-07 suggested demonstrative example
cvelogic Threat Intelligence