CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
685 vulnerabilities reference this CWE, most recent first.
GHSA-QWQP-JRW4-2X86
Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-28 21:30Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-25917"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.",
"id": "GHSA-qwqp-jrw4-2x86",
"modified": "2022-11-28T21:30:22Z",
"published": "2022-11-11T19:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25917"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QX32-4XRF-2J53
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-07-13 00:01An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
{
"affected": [],
"aliases": [
"CVE-2021-34549"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-29T12:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.",
"id": "GHSA-qx32-4xrf-2j53",
"modified": "2022-07-13T00:01:27Z",
"published": "2022-05-24T19:06:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34549"
},
{
"type": "WEB",
"url": "https://blog.torproject.org/node/2041"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40391"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QX5C-44C2-56MQ
Vulnerability from github – Published: 2023-07-04 03:31 – Updated: 2024-04-04 05:21In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720.
{
"affected": [],
"aliases": [
"CVE-2023-20692"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-04T02:15:09Z",
"severity": "HIGH"
},
"details": "In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720.",
"id": "GHSA-qx5c-44c2-56mq",
"modified": "2024-04-04T05:21:23Z",
"published": "2023-07-04T03:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20692"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXF5-VPWF-VJ9Q
Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-11 18:32An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.
This issue only occurs if DHCP snooping is enabled. See configuration below.
This issue can be detected using following commands. Their output will display the interface status going down:
user@device>show interfaces user@device>show log messages | match user@device>show log messages ==> will display the "[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no," logs.
This issue affects: Junos OS on
MX Series
with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304:
- All versions before 21.2R3-S7,
- from 21.4 before 21.4R3-S6,
- from 22.2 before 22.2R3-S3,
- all versions of 22.3,
- from 22.4 before 22.4R3,
- from 23.2 before 23.2R2;
Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO,
- from 21.4-EVO before 21.4R3-S7-EVO,
- from 22.1-EVO before 22.1R3-S6-EVO,
- from 22.2-EVO before 22.2R3-S5-EVO,
- from 22.3-EVO before 22.3R3-S3-EVO,
- from 22.4-EVO before 22.4R3-S1-EVO,
- from 23.2-EVO before 23.2R2-S2-EVO,
- from 23.4-EVO before 23.4R2-EVO.
Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-39526"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T16:15:06Z",
"severity": "HIGH"
},
"details": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).\u00a0 Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.\n\nThis issue only occurs if DHCP snooping is enabled. See configuration below.\n\nThis issue can be detected using following commands. Their output will display the interface status going down:\n\n\nuser@device\u003eshow interfaces \u003cif--x/x/x\u003e\nuser@device\u003eshow log messages | match \u003cif--x/x/x\u003e\nuser@device\u003eshow log messages ==\u003e will display the \"[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no,\" logs.\n\nThis issue affects:\nJunos OS on \n\nMX Series \n\nwith MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: \n\n\n * All versions before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.2 before 22.2R3-S3, \n * all versions of 22.3,\n * from 22.4 before 22.4R3, \n * from 23.2 before 23.2R2; \n\n\n\nJunos OS Evolved on PTX Series: \n * from 19.3R1-EVO before 21.2R3-S8-EVO,\n\n * from 21.4-EVO before 21.4R3-S7-EVO, \n * from 22.1-EVO before 22.1R3-S6-EVO, \n * from 22.2-EVO before 22.2R3-S5-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S1-EVO, \n * from 23.2-EVO before 23.2R2-S2-EVO, \n * from 23.4-EVO before 23.4R2-EVO.\n\n\n\nJunos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability",
"id": "GHSA-qxf5-vpwf-vj9q",
"modified": "2024-10-11T18:32:48Z",
"published": "2024-10-11T18:32:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39526"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA88103"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R3MR-JGH6-PHPP
Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2023-25543"
],
"database_specific": {
"cwe_ids": [
"CWE-280",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T07:15:08Z",
"severity": "HIGH"
},
"details": "\nDell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. \n\n",
"id": "GHSA-r3mr-jgh6-phpp",
"modified": "2024-02-06T09:31:37Z",
"published": "2024-02-06T09:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25543"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3R2-RV2R-78WF
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2023-01-24 03:30An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
{
"affected": [],
"aliases": [
"CVE-2020-15701"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-06T23:15:00Z",
"severity": "LOW"
},
"details": "An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.",
"id": "GHSA-r3r2-rv2r-78wf",
"modified": "2023-01-24T03:30:17Z",
"published": "2022-05-24T17:25:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15701"
},
{
"type": "WEB",
"url": "https://launchpad.net/bugs/1877023"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4449-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4449-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R546-3C3C-RC3G
Vulnerability from github – Published: 2023-08-03 09:30 – Updated: 2024-04-04 06:30Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.
{
"affected": [],
"aliases": [
"CVE-2023-21408"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-03T07:15:12Z",
"severity": "CRITICAL"
},
"details": "\nDue to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials\nthat are used in the integration interface towards 3rd party systems.\n\n",
"id": "GHSA-r546-3c3c-rc3g",
"modified": "2024-04-04T06:30:39Z",
"published": "2023-08-03T09:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21408"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5X6-W42P-JHPP
Vulnerability from github – Published: 2023-03-17 18:22 – Updated: 2023-03-20 13:59Impact
When Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall).
Patches
This vulnerability is fixed by https://github.com/cilium/cilium/pull/24336, included in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x and earlier are not affected.
Workarounds
There are no known workarounds.
Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to Louis DeLosSantos and Timo Beckers for investigating and fixing the issue.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
As usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-27595"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-17T18:22:57Z",
"nvd_published_at": "2023-03-17T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium\u0027s featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall).\n\n### Patches\n\nThis vulnerability is fixed by https://github.com/cilium/cilium/pull/24336, included in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x and earlier are not affected.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to Louis DeLosSantos and Timo Beckers for investigating and fixing the issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.\n",
"id": "GHSA-r5x6-w42p-jhpp",
"modified": "2023-03-20T13:59:25Z",
"published": "2023-03-17T18:22:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-r5x6-w42p-jhpp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27595"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/pull/24336"
},
{
"type": "PACKAGE",
"url": "https://github.com/cilium/cilium"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/releases/tag/v1.13.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Cilium eBPF filters may be temporarily removed during agent restart"
}
GHSA-R668-8P4P-W5JH
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of these specific packets will repeatedly crash the JDHCPD process and sustain the Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2.
{
"affected": [],
"aliases": [
"CVE-2021-0241"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-22T20:15:00Z",
"severity": "HIGH"
},
"details": "On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of these specific packets will repeatedly crash the JDHCPD process and sustain the Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2.",
"id": "GHSA-r668-8p4p-w5jh",
"modified": "2022-05-24T17:48:12Z",
"published": "2022-05-24T17:48:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0241"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11168"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-R9XW-PV6R-FXR3
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.
{
"affected": [],
"aliases": [
"CVE-2020-5665"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-14T03:15:00Z",
"severity": "HIGH"
},
"details": "Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.",
"id": "GHSA-r9xw-pv6r-fxr3",
"modified": "2022-05-24T17:36:21Z",
"published": "2022-05-24T17:36:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5665"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU95638588/index.html"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-018_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.