Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

686 vulnerabilities reference this CWE, most recent first.

GHSA-8RFX-6MR3-5JH3

Vulnerability from github – Published: 2024-01-03 18:30 – Updated: 2024-09-06 21:37
VLAI
Summary
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references.

Original Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Newtonsoft.Json"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "13.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-03T20:06:13Z",
    "nvd_published_at": "2024-01-03T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references.\n\n### Original Description\nNewtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.\n",
  "id": "GHSA-8rfx-6mr3-5jh3",
  "modified": "2024-09-06T21:37:39Z",
  "published": "2024-01-03T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21907"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JamesNK/Newtonsoft.Json/issues/2457"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JamesNK/Newtonsoft.Json/pull/2462"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66"
    },
    {
      "type": "WEB",
      "url": "https://alephsecurity.com/2018/10/22/StackOverflowException"
    },
    {
      "type": "WEB",
      "url": "https://alephsecurity.com/vulns/aleph-2018004"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678"
    },
    {
      "type": "WEB",
      "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json",
  "withdrawn": "2024-01-03T20:06:13Z"
}

GHSA-8RG8-WFMH-W9W9

Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 19:01
VLAI
Details

Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280",
      "CWE-668",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-09T22:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.",
  "id": "GHSA-8rg8-wfmh-w9w9",
  "modified": "2022-11-10T19:01:10Z",
  "published": "2022-11-10T12:01:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39886"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9365-9QH8-MWX7

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

Improper handling of exceptional conditions in SuiteLink server while processing command 0x01

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper handling of exceptional conditions in SuiteLink server while processing command 0x01",
  "id": "GHSA-9365-9qh8-mwx7",
  "modified": "2022-05-24T19:15:33Z",
  "published": "2022-05-24T19:15:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32999"
    },
    {
      "type": "WEB",
      "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-93CC-G9P8-JRR7

Vulnerability from github – Published: 2024-07-11 00:32 – Updated: 2025-02-07 21:30
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.

Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:

BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)

Only systems with segment routing enabled are vulnerable to this issue.

This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.

This issue affects:

Junos OS:

  • All versions before 21.4R3-S8,
  • from 22.2 before 22.2R3-S4,
  • from 22.3 before 22.3R3-S3,
  • from 22.4 before 22.4R3-S3,
  • from 23.2 before 23.2R2-S1,
  • from 23.4 before 23.4R1-S2, 23.4R2.

Junos OS Evolved: 

  • All versions before 21.4R3-S8-EVO,
  • from 22.2-EVO before 22.2R3-S4-EVO,
  • from 22.3-EVO before 22.3R3-S3-EVO,
  • from 22.4-EVO before 22.4R3-S3-EVO,
  • from 23.2-EVO before 23.2R2-S1-EVO,
  • from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-10T23:15:11Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS).  Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\n\nUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\n\nBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\n\nOnly systems with segment routing enabled are vulnerable to this issue.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n\nJunos OS: \n\n\n  *  All versions before 21.4R3-S8, \n  *  from 22.2 before 22.2R3-S4, \n  *  from 22.3 before 22.3R3-S3, \n  *  from 22.4 before 22.4R3-S3, \n  *  from 23.2 before 23.2R2-S1, \n  *  from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\u00a0\n\n  *  All versions before 21.4R3-S8-EVO, \n  *  from 22.2-EVO before 22.2R3-S4-EVO, \n  *  from 22.3-EVO before 22.3R3-S3-EVO, \n  *  from 22.4-EVO before 22.4R3-S3-EVO, \n  *  from 23.2-EVO before 23.2R2-S1-EVO, \n  *  from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.",
  "id": "GHSA-93cc-g9p8-jrr7",
  "modified": "2025-02-07T21:30:58Z",
  "published": "2024-07-11T00:32:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39555"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA83015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-942F-W2GM-P948

Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.

When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing.

Note that PMI with GRE performance acceleration is only supported on specific SRX platforms. This issue affects Junos OS on the SRX Series:

  • all versions before 21.4R3-S12, 
  • from 22.4 before 22.4R3-S8, 
  • from 23.2 before 23.2R2-S5, 
  • from 23.4 before 23.4R2-S5, 
  • from 24.2 before 24.2R2-S3, 
  • from 24.4 before 24.4R2-S1, 
  • from 25.2 before 25.2R1-S1, 25.2R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T21:16:06Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.\n\nWhen PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below.\u00a0PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing.\n\nNote that PMI with GRE performance acceleration is only supported on specific SRX platforms.\nThis issue affects Junos OS on the SRX Series:\n\n\n\n  *  all versions before 21.4R3-S12,\u00a0\n  *  from 22.4 before 22.4R3-S8,\u00a0\n  *  from 23.2 before 23.2R2-S5,\u00a0\n  *  from 23.4 before 23.4R2-S5,\u00a0\n  *  from 24.2 before 24.2R2-S3,\u00a0\n  *  from 24.4 before 24.4R2-S1,\u00a0\n  *  from 25.2 before 25.2R1-S1, 25.2R2.",
  "id": "GHSA-942f-w2gm-p948",
  "modified": "2026-01-15T21:31:48Z",
  "published": "2026-01-15T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21906"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA106005"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA106005"
    },
    {
      "type": "WEB",
      "url": "https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/topic-map/security-powermode-ipsec-vpn.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-947G-GMVH-R5RP

Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2025-03-14 18:30
VLAI
Details

Improper Handling of Exceptional Conditions vulnerability in Daurnimator HTTP Library for Lua allows Excessive Allocation.This issue affects HTTP Library for Lua: before commit ddab283.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T08:15:40Z",
    "severity": "HIGH"
  },
  "details": "Improper Handling of Exceptional Conditions vulnerability in Daurnimator HTTP Library for Lua allows Excessive Allocation.This issue affects HTTP Library for Lua: before commit ddab283.",
  "id": "GHSA-947g-gmvh-r5rp",
  "modified": "2025-03-14T18:30:38Z",
  "published": "2023-09-05T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4540"
    },
    {
      "type": "WEB",
      "url": "https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2023/09/CVE-2023-4540"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2023/09/CVE-2023-4540"
    },
    {
      "type": "WEB",
      "url": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9588-JWM4-R4W8

Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2022-10-07 18:15
VLAI
Details

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in the Linux kernel\u0027s eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions \u003c v5.16-rc6",
  "id": "GHSA-9588-jwm4-r4w8",
  "modified": "2022-10-07T18:15:54Z",
  "published": "2022-02-11T00:01:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0264"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041547"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-95Q2-C52X-VR4P

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow the attacker to cause the SNORT detection engine to unexpectedly restart, resulting in a partial DoS condition while the detection engine restarts. Versions prior to 6.2.3.4 are affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-21T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow the attacker to cause the SNORT detection engine to unexpectedly restart, resulting in a partial DoS condition while the detection engine restarts. Versions prior to 6.2.3.4 are affected.",
  "id": "GHSA-95q2-c52x-vr4p",
  "modified": "2022-05-13T01:14:33Z",
  "published": "2022-05-13T01:14:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1691"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-fpwr-ssltls-dos"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107099"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-975F-FVHV-8MHX

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2024-03-27 15:30
VLAI
Details

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-05T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
  "id": "GHSA-975f-fvhv-8mhx",
  "modified": "2024-03-27T15:30:33Z",
  "published": "2022-05-24T19:10:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1213175"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210902-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-975H-8RJ2-FCMC

Vulnerability from github – Published: 2026-03-05 09:30 – Updated: 2026-03-06 00:31
VLAI
Details

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-28542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T09:16:11Z",
    "severity": "HIGH"
  },
  "details": "Permission bypass vulnerability in the system service framework.\u00a0Impact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-975h-8rj2-fcmc",
  "modified": "2026-03-06T00:31:31Z",
  "published": "2026-03-05T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28542"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.