CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
686 vulnerabilities reference this CWE, most recent first.
GHSA-P3JP-Q7FM-CGRW
Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-29 21:30Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe) that lack modern compile-time and runtime exploit mitigations and rely on outdated runtimes. These binaries are built as 32-bit, without Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), Control Flow Guard (CFG), or stack-protection, and they incorporate legacy technologies (Pascal/Delphi and Python 2) which are no longer commonly maintained. Several of these processes run with elevated privileges (NT AUTHORITY\SYSTEM for PrinterInstallerClient.exe and PrinterInstallerClientLauncher.exe), and the client automatically downloads and installs printer drivers. The absence of modern memory safety mitigations and the use of unmaintained runtimes substantially increase the risk that memory-corruption or other exploit primitives — for example from crafted driver content or maliciously crafted inputs — can be turned into remote or local code execution and privilege escalation to SYSTEM.
{
"affected": [],
"aliases": [
"CVE-2025-34193"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-19T19:15:39Z",
"severity": "HIGH"
},
"details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe) that lack modern compile-time and runtime exploit mitigations and rely on outdated runtimes. These binaries are built as 32-bit, without Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), Control Flow Guard (CFG), or stack-protection, and they incorporate legacy technologies (Pascal/Delphi and Python 2) which are no longer commonly maintained. Several of these processes run with elevated privileges (NT AUTHORITY\\SYSTEM for PrinterInstallerClient.exe and PrinterInstallerClientLauncher.exe), and the client automatically downloads and installs printer drivers. The absence of modern memory safety mitigations and the use of unmaintained runtimes substantially increase the risk that memory-corruption or other exploit primitives \u2014 for example from crafted driver content or maliciously crafted inputs \u2014 can be turned into remote or local code execution and privilege escalation to SYSTEM.",
"id": "GHSA-p3jp-q7fm-cgrw",
"modified": "2025-09-29T21:30:20Z",
"published": "2025-09-19T21:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34193"
},
{
"type": "WEB",
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
},
{
"type": "WEB",
"url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
},
{
"type": "WEB",
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-insecure-programs"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-windows-components-lack-modern-memory-protections-and-use-outdated-runtimes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P3R4-F5WW-GWF6
Vulnerability from github – Published: 2025-09-09 15:31 – Updated: 2025-09-17 18:31A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.
{
"affected": [],
"aliases": [
"CVE-2025-8008"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T13:15:32Z",
"severity": "HIGH"
},
"details": "A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.",
"id": "GHSA-p3r4-f5ww-gwf6",
"modified": "2025-09-17T18:31:17Z",
"published": "2025-09-09T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8008"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1739.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P438-C5RW-CQ9H
Vulnerability from github – Published: 2022-07-19 00:00 – Updated: 2022-07-27 00:00CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation.
{
"affected": [],
"aliases": [
"CVE-2022-34641"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-18T23:15:00Z",
"severity": "MODERATE"
},
"details": "CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation.",
"id": "GHSA-p438-c5rw-cq9h",
"modified": "2022-07-27T00:00:34Z",
"published": "2022-07-19T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34641"
},
{
"type": "WEB",
"url": "https://github.com/openhwgroup/cva6/issues/906"
},
{
"type": "WEB",
"url": "https://github.com/riscv-boom/riscv-boom/issues/605"
},
{
"type": "WEB",
"url": "https://github.com/openhwgroup/cva6/pull/908"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P5GC-VRFJ-FV23
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-06 18:30Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-34849"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T20:15:00Z",
"severity": "MODERATE"
},
"details": "Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.",
"id": "GHSA-p5gc-vrfj-fv23",
"modified": "2023-03-06T18:30:21Z",
"published": "2023-02-16T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34849"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00727.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P5PG-WM9Q-8V6R
Vulnerability from github – Published: 2022-02-25 00:01 – Updated: 2022-03-07 19:34metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.drewnoakes:metadata-extractor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24613"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-07T19:34:44Z",
"nvd_published_at": "2022-02-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.",
"id": "GHSA-p5pg-wm9q-8v6r",
"modified": "2022-03-07T19:34:44Z",
"published": "2022-02-25T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24613"
},
{
"type": "WEB",
"url": "https://github.com/drewnoakes/metadata-extractor/issues/561"
},
{
"type": "PACKAGE",
"url": "https://github.com/drewnoakes/metadata-extractor"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Handling of Exceptional Conditions inn metadata-extractor"
}
GHSA-P5V5-VRQ2-W73F
Vulnerability from github – Published: 2022-04-21 01:54 – Updated: 2024-04-03 23:04burn allows file names to escape via mishandled quotation marks
{
"affected": [],
"aliases": [
"CVE-2009-5043"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-31T16:15:00Z",
"severity": "CRITICAL"
},
"details": "burn allows file names to escape via mishandled quotation marks",
"id": "GHSA-p5v5-vrq2-w73f",
"modified": "2024-04-03T23:04:12Z",
"published": "2022-04-21T01:54:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5043"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2009-5043"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P67H-HGQ7-6V2W
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-08 00:30Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.
{
"affected": [],
"aliases": [
"CVE-2022-36287"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.",
"id": "GHSA-p67h-hgq7-6v2w",
"modified": "2023-03-08T00:30:34Z",
"published": "2023-02-16T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36287"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00739.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7G2-XW88-GXG3
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476
{
"affected": [],
"aliases": [
"CVE-2020-0004"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-08T19:15:00Z",
"severity": "LOW"
},
"details": "In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476",
"id": "GHSA-p7g2-xw88-gxg3",
"modified": "2022-05-24T17:05:53Z",
"published": "2022-05-24T17:05:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0004"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-03"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P87G-J8M4-PQ52
Vulnerability from github – Published: 2024-11-08 06:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
nilfs2: propagate directory read errors from nilfs_find_entry()
Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2.
The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails.
If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts.
Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry().
The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together.
{
"affected": [],
"aliases": [
"CVE-2024-50202"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-08T06:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: propagate directory read errors from nilfs_find_entry()\n\nSyzbot reported that a task hang occurs in vcs_open() during a fuzzing\ntest for nilfs2.\n\nThe root cause of this problem is that in nilfs_find_entry(), which\nsearches for directory entries, ignores errors when loading a directory\npage/folio via nilfs_get_folio() fails.\n\nIf the filesystem images is corrupted, and the i_size of the directory\ninode is large, and the directory page/folio is successfully read but\nfails the sanity check, for example when it is zero-filled,\nnilfs_check_folio() may continue to spit out error messages in bursts.\n\nFix this issue by propagating the error to the callers when loading a\npage/folio fails in nilfs_find_entry().\n\nThe current interface of nilfs_find_entry() and its callers is outdated\nand cannot propagate error codes such as -EIO and -ENOMEM returned via\nnilfs_find_entry(), so fix it together.",
"id": "GHSA-p87g-j8m4-pq52",
"modified": "2025-11-04T00:31:57Z",
"published": "2024-11-08T06:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50202"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P89W-8R2H-7MJP
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2025-07-03 21:31ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
{
"affected": [],
"aliases": [
"CVE-2019-25043"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-06T17:15:00Z",
"severity": "MODERATE"
},
"details": "ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a \"string index out of range\" error and worker-process crash for a \"Cookie: =abc\" header.",
"id": "GHSA-p89w-8r2h-7mjp",
"modified": "2025-07-03T21:31:20Z",
"published": "2022-05-24T19:01:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25043"
},
{
"type": "WEB",
"url": "https://github.com/SpiderLabs/ModSecurity/issues/2566"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.