CWE-391
Unchecked Error Condition
Description
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10526 | — | Hig | 0.49 | 8.6 | 0.02 | | May 31, 2018 | A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this… |
| CVE-2017-7496 | | Hig | 0.46 | 7.0 | 0.00 | | Jun 26, 2017 | fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories. |
| CVE-2024-52316 | — | | 0.00 | — | 0.06 | | Nov 18, 2024 | Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to… |
| CVE-2023-0572 | | | 0.00 | — | 0.01 | | Jan 29, 2023 | Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. |
| CVE-2019-14853 | — | | 0.00 | — | 0.03 | | Nov 26, 2019 | An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. |
| CVE-2018-1091 | | Med | 0.00 | 5.5 | 0.00 | | Mar 27, 2018 | In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of… |
| CVE-2017-12187 | | Cri | 0.00 | 9.8 | 0.03 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12186 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12185 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12184 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12183 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12182 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12181 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12180 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12179 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12178 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12177 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| CVE-2017-12176 | | Cri | 0.00 | 9.8 | 0.04 | | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |