Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

686 vulnerabilities reference this CWE, most recent first.

GHSA-655P-CXF7-QPCH

Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30
VLAI
Details

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T03:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.",
  "id": "GHSA-655p-cxf7-qpch",
  "modified": "2023-12-05T03:30:23Z",
  "published": "2023-12-05T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42559"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-659J-3HW5-R5X6

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI
Details

VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30046"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-06T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.",
  "id": "GHSA-659j-3hw5-r5x6",
  "modified": "2022-05-24T17:46:40Z",
  "published": "2022-05-24T17:46:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30046"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ukoethe/vigra/issues/494"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-65HJ-59G8-FJJC

Vulnerability from github – Published: 2023-02-20 06:30 – Updated: 2023-02-28 21:30
VLAI
Details

MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-20T04:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.",
  "id": "GHSA-65hj-59g8-fjjc",
  "modified": "2023-02-28T21:30:17Z",
  "published": "2023-02-20T06:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48329"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/commit/a73c1c461bc6f8a048eae92b5e99823afd892d1e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/commit/afbe08d256d609eee5195c5b0003cfb723ae7af1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/compare/v2.4.165...v2.4.166"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6627-JCX5-J2G8

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:30
VLAI
Details

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-755",
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-06T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.",
  "id": "GHSA-6627-jcx5-j2g8",
  "modified": "2024-04-04T00:30:38Z",
  "published": "2022-05-24T16:45:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3559"
    },
    {
      "type": "WEB",
      "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://www.facebook.com/security/advisories/cve-2019-3559"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6677-FGC8-98H4

Vulnerability from github – Published: 2023-09-13 18:31 – Updated: 2024-04-04 07:39
VLAI
Details

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-13T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n",
  "id": "GHSA-6677-fgc8-98h4",
  "modified": "2024-04-04T07:39:28Z",
  "published": "2023-09-13T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3280"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2023-3280"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67HV-GHCG-2JFQ

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2023-11-15 21:35
VLAI
Details

Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-15T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.",
  "id": "GHSA-67hv-ghcg-2jfq",
  "modified": "2023-11-15T21:35:01Z",
  "published": "2022-05-24T17:47:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23886"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10354"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10357"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69H8-P3G9-H9GC

Vulnerability from github – Published: 2024-12-24 06:30 – Updated: 2025-10-01 03:30
VLAI
Details

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-24T06:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0An attacker could inject malformed data into url input parameters to reboot the NVR.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.",
  "id": "GHSA-69h8-p3g9-h9gc",
  "modified": "2025-10-01T03:30:26Z",
  "published": "2024-12-24T06:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41886"
    },
    {
      "type": "WEB",
      "url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6C2H-X2JR-X8W2

Vulnerability from github – Published: 2022-01-05 00:01 – Updated: 2022-01-14 00:03
VLAI
Details

Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-04T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out.",
  "id": "GHSA-6c2h-x2jr-x8w2",
  "modified": "2022-01-14T00:03:14Z",
  "published": "2022-01-05T00:01:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20870"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU95192472/index.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU95192472/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.konicaminolta.com/global/newsroom/topics/2021/1224-01-01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.konicaminolta.jp/business/support/important/211224_01_01.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6C4V-M93P-5C6V

Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-13 15:30
VLAI
Details

Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.",
  "id": "GHSA-6c4v-m93p-5c6v",
  "modified": "2023-03-13T15:30:18Z",
  "published": "2023-02-16T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29493"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6FJM-FFGR-G6GP

Vulnerability from github – Published: 2025-10-23 15:30 – Updated: 2025-11-04 15:31
VLAI
Details

Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.  The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-23T14:15:39Z",
    "severity": "HIGH"
  },
  "details": "Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to\u00a0/cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.\u00a0\nThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.",
  "id": "GHSA-6fjm-ffgr-g6gp",
  "modified": "2025-11-04T15:31:29Z",
  "published": "2025-10-23T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53702"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/10/CVE-2025-53701"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.