CWE-248
Uncaught Exception
Description
An exception is thrown from a function, but it is not caught.
Hierarchy (View 1000)
CVEs mapped to this weakness (125)
Page 6 of 7

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42444 | | | 0.00 | — | 0.01 | | Sep 19, 2023 | phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment… |
| CVE-2023-4785 | — | | 0.00 | — | 0.01 | | Sep 13, 2023 | Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are… |
| CVE-2022-25024 | — | | 0.00 | — | 0.01 | | Aug 22, 2023 | The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service. |
| CVE-2023-38504 | | | 0.00 | — | 0.01 | | Jul 27, 2023 | Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js`… |
| CVE-2023-31125 | | | 0.00 | — | 0.01 | | May 8, 2023 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are… |
| CVE-2023-2251 | — | | 0.00 | — | 0.01 | | Apr 24, 2023 | Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. |
| CVE-2023-29520 | | | 0.00 | — | 0.01 | | Apr 18, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The… |
| CVE-2023-0790 | — | | 0.00 | — | 0.01 | | Feb 12, 2023 | Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. |
| CVE-2023-22477 | — | | 0.00 | — | 0.01 | | Jan 9, 2023 | Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions. |
| CVE-2022-41940 | | | 0.00 | — | 0.02 | | Nov 22, 2022 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the… |
| CVE-2022-3500 | | | 0.00 | — | 0.00 | | Nov 22, 2022 | A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in… |
| CVE-2022-39386 | — | | 0.00 | — | 0.01 | | Nov 8, 2022 | @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been… |
| CVE-2022-36046 | | | 0.00 | — | 0.01 | | Aug 31, 2022 | Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start… |
| CVE-2022-31015 | — | | 0.00 | — | 0.01 | | May 31, 2022 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not… |
| CVE-2022-24434 | — | | 0.00 | — | 0.03 | | May 20, 2022 | This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes. |
| CVE-2022-25324 | — | | 0.00 | — | 0.01 | | May 6, 2022 | All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks. |
| CVE-2022-21227 | — | | 0.00 | — | 0.02 | | May 1, 2022 | The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. |
| CVE-2022-24822 | — | | 0.00 | — | 0.02 | | Apr 6, 2022 | Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior… |
| CVE-2022-24615 | | | 0.00 | — | 0.01 | | Feb 24, 2022 | zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library. |
| CVE-2019-25055 | — | | 0.00 | — | 0.01 | | Dec 26, 2021 | An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary. |