CWE-754
Improper Check for Unusual or Exceptional Conditions
Description
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
CVEs mapped to this weakness (226)
Page 10 of 12

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25122 | | | 0.00 | — | 0.01 | | Feb 13, 2024 | sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI allow a super-user attacker,… |
| CVE-2024-23650 | | — | 0.00 | — | 0.01 | | Jan 31, 2024 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to the BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As… |
| CVE-2024-24567 | | | 0.00 | — | 0.00 | | Jan 30, 2024 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. The Vyper compiler allows passing a value in the builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due… |
| CVE-2023-5967 | | | 0.00 | — | 0.01 | | Nov 6, 2023 | Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin. |
| CVE-2023-45812 | | | 0.00 | — | 0.01 | | Oct 18, 2023 | The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a… |
| CVE-2023-29198 | | | 0.00 | — | 0.00 | | Sep 6, 2023 | Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in… |
| CVE-2022-25024 | | — | 0.00 | — | 0.01 | | Aug 22, 2023 | The json2xml package through 3.12.0 for Python allows an error in typecode decoding, enabling a remote attack that can lead to an exception, causing a denial of service. |
| CVE-2023-37899 | | | 0.00 | — | 0.01 | | Jul 19, 2023 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. The Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending… |
| CVE-2023-34099 | | | 0.00 | — | 0.01 | | Jun 27, 2023 | Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses that in the end result in the same address, which is shared by multiple accounts. This issue has been… |
| CVE-2023-34449 | | | 0.00 | — | 0.01 | | Jun 14, 2023 | ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or… |
| CVE-2023-32695 | | | 0.00 | — | 0.01 | | May 27, 2023 | socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released… |
| CVE-2023-23626 | | — | 0.00 | — | 0.01 | | Feb 9, 2023 | go-bitfield is a simple bitfield package for the go language aiming to be more performant than the standard library. When feeding untrusted user input into the size parameter of the `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happens when the… |
| CVE-2023-23931 | | | 0.00 | — | 0.01 | | Feb 7, 2023 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This would allow immutable… |
| CVE-2023-0572 | | | 0.00 | — | 0.01 | | Jan 29, 2023 | Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. |
| CVE-2022-3616 | | | 0.00 | — | 0.00 | | Oct 28, 2022 | Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya… |
| CVE-2022-39288 | | | 0.00 | — | 0.59 | | Oct 10, 2022 | fastify is a fast and low overhead web framework for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue… |
| CVE-2022-36046 | | | 0.00 | — | 0.01 | | Aug 31, 2022 | Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start… |
| CVE-2022-31103 | | | 0.00 | — | 0.01 | | Jun 27, 2022 | lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by… |
| CVE-2022-31093 | | | 0.00 | — | 0.02 | | Jun 27, 2022 | NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL… |
| CVE-2022-23712 | | | 0.00 | — | 0.07 | | Jun 6, 2022 | A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. |