CWE-696 35 個 CVE MITRE 定義 ↗

CWE-696:Incorrect Behavior Order

概覽

CWE-696(Incorrect Behavior Order)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined
technology Web Based Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-56355 2026-06-20 GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.
CVE-2026-49318 2026-05-29 Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. Th…
CVE-2026-49317 2026-05-29 Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. Th…
CVE-2026-44919 2026-05-13 In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
CVE-2026-45033 2026-05-13 GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git re…
CVE-2026-44600 2026-05-06 Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
CVE-2026-43002 2026-05-05 An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthent…
CVE-2026-40583 2026-04-21 UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails au…
CVE-2026-41254 2026-04-18 Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
CVE-2026-35652 2026-04-10 OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender au…
CVE-2026-40223 2026-04-10 In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
CVE-2026-35640 2026-04-09 OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send …
CVE-2026-35637 2026-04-09 OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit th…
CVE-2026-35636 2026-04-09 OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. San…
CVE-2026-35627 2026-04-09 OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-…
CVE-2026-35386 2026-04-02 In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also…
CVE-2026-33305 2026-03-19 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) al…
CVE-2025-9904 2025-09-28 Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer D…
CVE-2025-55114 2025-09-16 The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent…
CVE-2025-48965 2025-07-20 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-09-09
版本
1.0

內容修訂

日期 名稱 版本 重要性 評論
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Description
2011-03-29 CWE Content Team 1.12 updated Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships, Weakness_Ordinalities
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Observed_Examples
2017-11-08 CWE Content Team 3.0 updated Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Description, Observed_Examples, Relationships
2021-03-15 CWE Content Team 4.4 updated Observed_Examples
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples, Observed_Examples
2024-02-29 CWE Content Team 4.14 updated Demonstrative_Examples
2025-04-03 CWE Content Team 4.17 updated Relationships
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Description
cvelogic Threat Intelligence