VYPR

CWE-391

Unchecked Error Condition

Base | Incomplete | Likelihood: Medium

Description

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (18)

  • CVE-2016-10526 | High | May 31, 2018
    risk 0.49 | cvss 8.6 | epss 0.02

    A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this…

  • CVE-2017-7496 | High | Jun 26, 2017
    risk 0.46 | cvss 7.0 | epss 0.00

    fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.

  • CVE-2024-52316 | Nov 18, 2024
    risk 0.00 | cvss | epss 0.06

    Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to…

  • CVE-2023-0572 | Jan 29, 2023
    risk 0.00 | cvss | epss 0.01

    Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.

  • CVE-2019-14853 | Nov 26, 2019
    risk 0.00 | cvss | epss 0.03

    An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

  • CVE-2018-1091 | Medium | Mar 27, 2018
    risk 0.00 | cvss 5.5 | epss 0.00

    In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of…

  • CVE-2017-12187 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.03

    xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12186 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12185 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12184 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12183 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12182 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12181 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12180 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12179 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12178 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12177 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • CVE-2017-12176 | Critical | Jan 24, 2018
    risk 0.00 | cvss 9.8 | epss 0.04

    xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.