VYPR

CWE-248

Uncaught Exception

Base, Draft

Description

An exception is thrown from a function, but it is not caught.

When an exception is not caught, it may cause the program to crash or expose sensitive information.

CVEs mapped to this weakness (125)

  • CVE-2023-42444 (Sep 19, 2023)
    risk 0.00cvss epss 0.01

    phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment…

  • CVE-2023-4785 (Sep 13, 2023)
    risk 0.00cvss epss 0.01

    Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are…

  • CVE-2022-25024 (Aug 22, 2023)
    risk 0.00cvss epss 0.01

    The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.

  • CVE-2023-38504 (Jul 27, 2023)
    risk 0.00cvss epss 0.01

    Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js`…

  • CVE-2023-31125 (May 8, 2023)
    risk 0.00cvss epss 0.01

    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are…

  • CVE-2023-2251 (Apr 24, 2023)
    risk 0.00cvss epss 0.01

    Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.

  • CVE-2023-29520 (Apr 18, 2023)
    risk 0.00cvss epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The…

  • CVE-2023-0790 (Feb 12, 2023)
    risk 0.00cvss epss 0.01

    Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

  • CVE-2023-22477 (Jan 9, 2023)
    risk 0.00cvss epss 0.01

    Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions.

  • CVE-2022-41940 (Nov 22, 2022)
    risk 0.00cvss epss 0.02

    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the…

  • CVE-2022-3500 (Nov 22, 2022)
    risk 0.00cvss epss 0.00

    A vulnerability was found in keylime. In some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host, leaving it in…

  • CVE-2022-39386 (Nov 8, 2022)
    risk 0.00cvss epss 0.01

    @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been…

  • CVE-2022-36046 (Aug 31, 2022)
    risk 0.00cvss epss 0.01

    Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start…

  • CVE-2022-31015 (May 31, 2022)
    risk 0.00cvss epss 0.01

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not…

  • CVE-2022-24434 (May 20, 2022)
    risk 0.00cvss epss 0.03

    This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. An attacker could send the payload again and again so that the service continuously crashes.

  • CVE-2022-25324 (May 6, 2022)
    risk 0.00cvss epss 0.01

    All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8: when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.

  • CVE-2022-21227 (May 1, 2022)
    risk 0.00cvss epss 0.02

    The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS), which will invoke the toString function of the passed parameter. If passed an invalid Function object, it will throw and crash the V8 engine.

  • CVE-2022-24822 (Apr 6, 2022)
    risk 0.00cvss epss 0.02

    Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior…

  • CVE-2022-24615 (Feb 24, 2022)
    risk 0.00cvss epss 0.01

    zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use the zip4j library.

  • CVE-2019-25055 (Dec 26, 2021)
    risk 0.00cvss epss 0.01

    An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary.