CWE-252
Unchecked Return Value
Description
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Hierarchy (View 1000)
CVEs mapped to this weakness (55)
page 3 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37902 | | | 0.00 | — | 0.00 | | Jul 25, 2023 | Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory… |
| CVE-2022-23495 | | — | 0.00 | — | 0.01 | | Dec 8, 2022 | go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error… |
| CVE-2022-23476 | | | 0.00 | — | 0.02 | | Dec 8, 2022 | Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when… |
| CVE-2022-40716 | | | 0.00 | — | 0.01 | | Sep 23, 2022 | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2. |
| CVE-2022-31170 | | | 0.00 | — | 0.01 | | Jul 21, 2022 | OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance… |
| CVE-2022-31089 | | | 0.00 | — | 0.01 | | Jun 27, 2022 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a… |
| CVE-2022-21211 | | | 0.00 | — | 0.01 | | Jun 10, 2022 | This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. |
| CVE-2021-3911 | | | 0.00 | — | 0.01 | | Nov 11, 2021 | If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. |
| CVE-2021-28675 | | — | 0.00 | — | 0.01 | | Jun 2, 2021 | An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. |
| CVE-2021-26955 | | — | 0.00 | — | 0.02 | | Feb 9, 2021 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server. |
| CVE-2021-26958 | | — | 0.00 | — | 0.02 | | Feb 9, 2021 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type. |
| CVE-2020-17533 | | | 0.00 | — | 0.04 | | Dec 29, 2020 | Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and… |
| CVE-2020-15191 | | | 0.00 | — | 0.01 | | Sep 25, 2020 | In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly… |
| CVE-2018-16643 | | Med | 0.00 | 6.5 | 0.03 | | Sep 6, 2018 | The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via… |
| CVE-2007-5191 | | | 0.00 | — | 0.00 | | Oct 4, 2007 | mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. |