Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

685 vulnerabilities reference this CWE, most recent first.

GHSA-39FV-QP4H-M8JW

Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2024-08-13 18:31
VLAI
Details

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-12T15:15:20Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.",
  "id": "GHSA-39fv-qp4h-m8jw",
  "modified": "2024-08-13T18:31:14Z",
  "published": "2024-08-12T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27442"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-39XP-M58Q-6R58

Vulnerability from github – Published: 2023-08-09 03:30 – Updated: 2024-04-04 06:43
VLAI
Details

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-09T03:15:43Z",
    "severity": "LOW"
  },
  "details": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).",
  "id": "GHSA-39xp-m58q-6r58",
  "modified": "2024-04-04T06:43:14Z",
  "published": "2023-08-09T03:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39341"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN42527152"
    },
    {
      "type": "WEB",
      "url": "https://www.ffri.jp/security-info/index.htm"
    },
    {
      "type": "WEB",
      "url": "https://www.skyseaclientview.net/news/230807_01"
    },
    {
      "type": "WEB",
      "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcenext.com/support/i/2023/230718_01"
    },
    {
      "type": "WEB",
      "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3C33-2J43-9JQP

Vulnerability from github – Published: 2023-03-15 15:30 – Updated: 2023-03-21 21:30
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-15T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.",
  "id": "GHSA-3c33-2j43-9jqp",
  "modified": "2023-03-21T21:30:19Z",
  "published": "2023-03-15T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45155"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1201138"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3CCW-6P8H-92CH

Vulnerability from github – Published: 2024-03-07 15:30 – Updated: 2025-03-11 18:32
VLAI
Details

JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-07T14:15:46Z",
    "severity": "MODERATE"
  },
  "details": "JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.",
  "id": "GHSA-3ccw-6p8h-92ch",
  "modified": "2025-03-11T18:32:02Z",
  "published": "2024-03-07T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42509"
    },
    {
      "type": "WEB",
      "url": "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3F6H-2HRP-W5WX

Vulnerability from github – Published: 2026-04-10 17:32 – Updated: 2026-04-10 19:46
VLAI
Summary
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service
Details

redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.57.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@sveltejs/kit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.57.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-10T17:32:00Z",
    "nvd_published_at": "2026-04-10T17:17:12Z",
    "severity": "MODERATE"
  },
  "details": "`redirect`, when called from inside the `handle` server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled `TypeError`. This could result in DoS on some platforms, especially if the location passed to `redirect` contains unsanitized user input.",
  "id": "GHSA-3f6h-2hrp-w5wx",
  "modified": "2026-04-10T19:46:47Z",
  "published": "2026-04-10T17:32:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40074"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sveltejs/kit"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service"
}

GHSA-3FGW-53WH-C98C

Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-11 18:31
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).

When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.

Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.

This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.

This issue affects:

Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.

Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-11T17:15:16Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.\n\nContinuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations.  This issue requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n \nJuniper Networks Junos OS:\n  *  All versions earlier than 20.4R3-S9;\n  *  21.2 versions earlier than 21.2R3-S7;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S6;\n  *  22.1 versions earlier than 22.1R3-S4;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S2;\n  *  22.4 versions earlier than 22.4R3;\n  *  23.2 versions earlier than 23.2R2.\n\n\n\nJuniper Networks Junos OS Evolved:\n  *  All versions earlier than 21.2R3-S7;\n  *  21.3-EVO versions earlier than 21.3R3-S5;\n  *  21.4-EVO versions earlier than 21.4R3-S8;\n  *  22.1-EVO versions earlier than 22.1R3-S4;\n  *  22.2-EVO versions earlier than 22.2R3-S3;\n  *  22.3-EVO versions earlier than 22.3R3-S2;\n  *  22.4-EVO versions earlier than 22.4R3;\n  *  23.2-EVO versions earlier than 23.2R2.",
  "id": "GHSA-3fgw-53wh-c98c",
  "modified": "2024-07-11T18:31:14Z",
  "published": "2024-07-11T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39552"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA75726"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3FP4-RV66-MVJ2

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-07-13 00:00
VLAI
Details

A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka \u0027Microsoft Word Security Feature Bypass Vulnerability\u0027.",
  "id": "GHSA-3fp4-rv66-mvj2",
  "modified": "2022-07-13T00:00:44Z",
  "published": "2022-05-24T17:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16933"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16933"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GF3-WXCR-V28J

Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40
VLAI
Details

A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-08T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.",
  "id": "GHSA-3gf3-wxcr-v28j",
  "modified": "2022-05-13T01:40:38Z",
  "published": "2022-05-13T01:40:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0759"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-09-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100649"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3HWP-78X6-2274

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-07-13 00:01
VLAI
Details

There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.",
  "id": "GHSA-3hwp-78x6-2274",
  "modified": "2022-07-13T00:01:09Z",
  "published": "2022-05-24T19:02:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22409"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3M2Q-3QHR-66RQ

Vulnerability from github – Published: 2023-02-06 21:30 – Updated: 2023-02-14 03:30
VLAI
Details

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-06T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.",
  "id": "GHSA-3m2q-3qhr-66rq",
  "modified": "2023-02-14T03:30:21Z",
  "published": "2023-02-06T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32655"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.