Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

686 vulnerabilities reference this CWE, most recent first.

GHSA-4JWC-W2HC-78QV

Vulnerability from github – Published: 2024-10-01 22:27 – Updated: 2025-09-16 14:43
VLAI
Summary
Tonic has remotely exploitable denial of service vulnerability
Details

Impact

When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream. This can be triggered via causing the accept call to error out with errors there were not covered correctly causing the accept loop to exit.

More information can be found here

Patches

Upgrading to tonic 0.12.3 and above contains the fix.

Workarounds

A custom accept loop is a possible workaround.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "tonic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.12.2"
            },
            {
              "fixed": "0.12.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-01T22:27:58Z",
    "nvd_published_at": "2024-10-01T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen using `tonic::transport::Server` there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream. This can be triggered via causing the accept call to error out with errors there were not covered correctly causing the accept loop to exit. \n\nMore information can be found [here](https://github.com/hyperium/tonic/issues/1897)\n\n### Patches\n\nUpgrading to tonic `0.12.3` and above contains the fix. \n\n### Workarounds\n\nA custom accept loop is a possible workaround.",
  "id": "GHSA-4jwc-w2hc-78qv",
  "modified": "2025-09-16T14:43:30Z",
  "published": "2024-10-01T22:27:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/hyperium/tonic/security/advisories/GHSA-4jwc-w2hc-78qv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47609"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperium/tonic/issues/1897"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperium/tonic/commit/a4472a86f3290e60c7c01348b7e6a8164d6e7e48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hyperium/tonic"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0376.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Green",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Tonic has remotely exploitable denial of service vulnerability"
}

GHSA-4PF4-M389-3PXH

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00
VLAI
Details

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6843"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-29T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.",
  "id": "GHSA-4pf4-m389-3pxh",
  "modified": "2022-05-24T17:00:05Z",
  "published": "2022-05-24T17:00:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6843"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4RPR-FQV3-F3V5

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18
VLAI
Details

Failure condition is not handled properly and the correct error code is not returned. It could cause unintended SUI behavior and create unintended SUI display in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-28T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Failure condition is not handled properly and the correct error code is not returned. It could cause unintended SUI behavior and create unintended SUI display in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.",
  "id": "GHSA-4rpr-fqv3-f3v5",
  "modified": "2022-05-13T01:18:58Z",
  "published": "2022-05-13T01:18:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11921"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106845"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4VR7-G93G-CF6M

Vulnerability from github – Published: 2025-09-17 12:30 – Updated: 2025-09-17 20:24
VLAI
Summary
Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.

Original Description

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "picklescan"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-17T20:24:21Z",
    "nvd_published_at": "2025-09-17T11:15:32Z",
    "severity": "CRITICAL"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nAn Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files.\u00a0When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.",
  "id": "GHSA-4vr7-g93g-cf6m",
  "modified": "2025-09-17T20:24:21Z",
  "published": "2025-09-17T12:30:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10156"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35"
    },
    {
      "type": "WEB",
      "url": "https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true"
    },
    {
      "type": "WEB",
      "url": "https://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check",
  "withdrawn": "2025-09-17T20:24:21Z"
}

GHSA-4VWX-54MW-VQFW

Vulnerability from github – Published: 2024-04-12 17:05 – Updated: 2024-04-15 19:41
VLAI
Summary
Traefik vulnerable to denial of service with Content-length header
Details

There is a potential vulnerability in Traefik managing requests with Content-length and no body .

Sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.

Patches

  • https://github.com/traefik/traefik/releases/tag/v2.11.2
  • https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5

Workarounds

For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.

For more information

If you have any questions or comments about this advisory, please open an issue.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.0-rc4"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0-beta3"
            },
            {
              "fixed": "3.0.0-rc5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.11.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.11.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-28869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-12T17:05:13Z",
    "nvd_published_at": "2024-04-12T22:15:07Z",
    "severity": "HIGH"
  },
  "details": "There is a potential vulnerability in Traefik managing requests with `Content-length` and no `body` .\n\nSending a `GET` request to any Traefik endpoint with the `Content-length` request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.2\n- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5\n\n## Workarounds\n\nFor affected versions, this vulnerability can be mitigated by configuring the [readTimeout](https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts) option.\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).",
  "id": "GHSA-4vwx-54mw-vqfw",
  "modified": "2024-04-15T19:41:13Z",
  "published": "2024-04-12T17:05:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28869"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6"
    },
    {
      "type": "WEB",
      "url": "https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/traefik/traefik"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Traefik vulnerable to denial of service with Content-length header"
}

GHSA-4WXC-GCH7-6J67

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-12T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.",
  "id": "GHSA-4wxc-gch7-6j67",
  "modified": "2022-05-24T17:42:04Z",
  "published": "2022-05-24T17:42:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20642"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.elecom.co.jp/news/security/20210126-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X26-G7HR-M7G8

Vulnerability from github – Published: 2023-11-02 12:30 – Updated: 2023-11-02 12:30
VLAI
Details

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-02T11:15:14Z",
    "severity": "MODERATE"
  },
  "details": "\nDell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.\n\n",
  "id": "GHSA-4x26-g7hr-m7g8",
  "modified": "2023-11-02T12:30:16Z",
  "published": "2023-11-02T12:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43087"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000218934/powerscale-onefs-security-updates-for-multiple-security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X34-CHG5-MWJJ

Vulnerability from github – Published: 2026-07-06 19:27 – Updated: 2026-07-06 19:27
VLAI
Summary
chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)
Details

In Chmoder::chmod() the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the last file processed:

if self.recursive {
    r = self.walk_dir_with_context(file, true);   // overwrites r
} else {
    r = self.chmod_file(file).and(r);
}

PoC: GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:

$ chmod -R 0755 chmod-bug/root chmod-bug/user  # GNU -> ret=1
$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user  # -> ret=0

Impact: scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.

Remediation: Acknowledged by Canonical; fixed in commit abd581f6.


Reported by Zellic in the uutils coreutils Program Security Assessment (prepared for Canonical, Jan 20 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242. Finding 3.2. Credit: Zellic.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "uu_chmod"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-253",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-06T19:27:41Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "In `Chmoder::chmod()` the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the *last* file processed:\n\n```\nif self.recursive {\n    r = self.walk_dir_with_context(file, true);   // overwrites r\n} else {\n    r = self.chmod_file(file).and(r);\n}\n```\n\n**PoC:** GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:\n\n```\n$ chmod -R 0755 chmod-bug/root chmod-bug/user  # GNU -\u003e ret=1\n$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user  # -\u003e ret=0\n```\n\n**Impact:** scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.\n\n**Remediation:** Acknowledged by Canonical; fixed in commit abd581f6.\n\n---\n_Reported by Zellic in the *uutils coreutils Program Security Assessment* (prepared for Canonical, Jan 20 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`. Finding 3.2. Credit: Zellic._",
  "id": "GHSA-4x34-chg5-mwjj",
  "modified": "2026-07-06T19:27:41Z",
  "published": "2026-07-06T19:27:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/security/advisories/GHSA-4x34-chg5-mwjj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35339"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/pull/9793"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/commit/abd581f62e97d0b147306ac40eac13af71c6fbba"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)"
}

GHSA-4XX3-XG55-3WR5

Vulnerability from github – Published: 2021-11-24 00:00 – Updated: 2025-10-22 00:32
VLAI
Details

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-23T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-4xx3-xg55-3wr5",
  "modified": "2025-10-22T00:32:26Z",
  "published": "2021-11-24T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38003"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1263462"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52PH-JF97-P27X

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access.",
  "id": "GHSA-52ph-jf97-p27x",
  "modified": "2022-05-24T19:10:43Z",
  "published": "2022-05-24T19:10:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0006"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210827-0009"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00479.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.