CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
685 vulnerabilities reference this CWE, most recent first.
GHSA-39FV-QP4H-M8JW
Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2024-08-13 18:31An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2024-27442"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-12T15:15:20Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.",
"id": "GHSA-39fv-qp4h-m8jw",
"modified": "2024-08-13T18:31:14Z",
"published": "2024-08-12T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27442"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-39XP-M58Q-6R58
Vulnerability from github – Published: 2023-08-09 03:30 – Updated: 2024-04-04 06:43"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).
{
"affected": [],
"aliases": [
"CVE-2023-39341"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-09T03:15:43Z",
"severity": "LOW"
},
"details": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).",
"id": "GHSA-39xp-m58q-6r58",
"modified": "2024-04-04T06:43:14Z",
"published": "2023-08-09T03:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39341"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN42527152"
},
{
"type": "WEB",
"url": "https://www.ffri.jp/security-info/index.htm"
},
{
"type": "WEB",
"url": "https://www.skyseaclientview.net/news/230807_01"
},
{
"type": "WEB",
"url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"
},
{
"type": "WEB",
"url": "https://www.sourcenext.com/support/i/2023/230718_01"
},
{
"type": "WEB",
"url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3C33-2J43-9JQP
Vulnerability from github – Published: 2023-03-15 15:30 – Updated: 2023-03-21 21:30An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.
{
"affected": [],
"aliases": [
"CVE-2022-45155"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-15T13:15:00Z",
"severity": "MODERATE"
},
"details": "An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.",
"id": "GHSA-3c33-2j43-9jqp",
"modified": "2023-03-21T21:30:19Z",
"published": "2023-03-15T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45155"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201138"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3CCW-6P8H-92CH
Vulnerability from github – Published: 2024-03-07 15:30 – Updated: 2025-03-11 18:32JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.
{
"affected": [],
"aliases": [
"CVE-2023-42509"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-07T14:15:46Z",
"severity": "MODERATE"
},
"details": "JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.",
"id": "GHSA-3ccw-6p8h-92ch",
"modified": "2025-03-11T18:32:02Z",
"published": "2024-03-07T15:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42509"
},
{
"type": "WEB",
"url": "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3F6H-2HRP-W5WX
Vulnerability from github – Published: 2026-04-10 17:32 – Updated: 2026-04-10 19:46redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.57.0"
},
"package": {
"ecosystem": "npm",
"name": "@sveltejs/kit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.57.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40074"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T17:32:00Z",
"nvd_published_at": "2026-04-10T17:17:12Z",
"severity": "MODERATE"
},
"details": "`redirect`, when called from inside the `handle` server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled `TypeError`. This could result in DoS on some platforms, especially if the location passed to `redirect` contains unsanitized user input.",
"id": "GHSA-3f6h-2hrp-w5wx",
"modified": "2026-04-10T19:46:47Z",
"published": "2026-04-10T17:32:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40074"
},
{
"type": "WEB",
"url": "https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd"
},
{
"type": "PACKAGE",
"url": "https://github.com/sveltejs/kit"
},
{
"type": "WEB",
"url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1"
},
{
"type": "WEB",
"url": "https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
}
],
"summary": "@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service"
}
GHSA-3FGW-53WH-C98C
Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-11 18:31An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.
Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.
This issue affects:
Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.
Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2.
{
"affected": [],
"aliases": [
"CVE-2024-39552"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-11T17:15:16Z",
"severity": "HIGH"
},
"details": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.\n\nContinuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n \nJuniper Networks Junos OS:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R2.\n\n\n\nJuniper Networks Junos OS Evolved:\n * All versions earlier than 21.2R3-S7;\n * 21.3-EVO versions earlier than 21.3R3-S5;\n * 21.4-EVO versions earlier than 21.4R3-S8;\n * 22.1-EVO versions earlier than 22.1R3-S4;\n * 22.2-EVO versions earlier than 22.2R3-S3;\n * 22.3-EVO versions earlier than 22.3R3-S2;\n * 22.4-EVO versions earlier than 22.4R3;\n * 23.2-EVO versions earlier than 23.2R2.",
"id": "GHSA-3fgw-53wh-c98c",
"modified": "2024-07-11T18:31:14Z",
"published": "2024-07-11T18:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39552"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA75726"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3FP4-RV66-MVJ2
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-07-13 00:00A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-16933"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-16T23:15:00Z",
"severity": "HIGH"
},
"details": "A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka \u0027Microsoft Word Security Feature Bypass Vulnerability\u0027.",
"id": "GHSA-3fp4-rv66-mvj2",
"modified": "2022-07-13T00:00:44Z",
"published": "2022-05-24T17:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16933"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16933"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3GF3-WXCR-V28J
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.
{
"affected": [],
"aliases": [
"CVE-2017-0759"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-08T20:29:00Z",
"severity": "HIGH"
},
"details": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.",
"id": "GHSA-3gf3-wxcr-v28j",
"modified": "2022-05-13T01:40:38Z",
"published": "2022-05-13T01:40:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0759"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100649"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3HWP-78X6-2274
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-07-13 00:01There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.
{
"affected": [],
"aliases": [
"CVE-2021-22409"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.",
"id": "GHSA-3hwp-78x6-2274",
"modified": "2022-07-13T00:01:09Z",
"published": "2022-05-24T19:02:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22409"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-02-dos-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3M2Q-3QHR-66RQ
Vulnerability from github – Published: 2023-02-06 21:30 – Updated: 2023-02-14 03:30In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.
{
"affected": [],
"aliases": [
"CVE-2022-32655"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T20:15:00Z",
"severity": "MODERATE"
},
"details": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.",
"id": "GHSA-3m2q-3qhr-66rq",
"modified": "2023-02-14T03:30:21Z",
"published": "2023-02-06T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32655"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.