VYPR

CWE-755

Improper Handling of Exceptional Conditions

Class | Incomplete | Likelihood: Medium

Description

The product does not handle or incorrectly handles an exceptional condition.

Hierarchy (View 1000)

CVEs mapped to this weakness (140)

page 2 of 7
  • CVE-2017-6678 | High | Jun 26, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to…

  • CVE-2017-3832 | High | Apr 6, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the…

  • CVE-2017-17172 | High | Jun 14, 2018
    risk 0.47 | cvss 7.3 | epss 0.00

    Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can craft malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the…

  • CVE-2025-24478 | High | Jan 28, 2025
    risk 0.46 | cvss | epss 0.00

    A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.

  • CVE-2018-8039 | High | Jul 2, 2018
    risk 0.46 | cvss 8.1 | epss 0.10

    It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work…

  • CVE-2017-0904 | High | Nov 13, 2017
    risk 0.46 | cvss 8.1 | epss 0.02

    The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side…

  • CVE-2017-11472 | High | Jul 20, 2017
    risk 0.46 | cvss 7.1 | epss 0.00

    The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection…

  • CVE-2017-7496 | High | Jun 26, 2017
    risk 0.46 | cvss 7.0 | epss 0.00

    fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.

  • CVE-2017-0622 | High | May 12, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2026-23762 | Medium | Jan 22, 2026
    risk 0.45 | cvss | epss 0.00

    VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a…

  • CVE-2024-41886 | Medium | Dec 24, 2024
    risk 0.45 | cvss | epss 0.01

    Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the…

  • CVE-2025-46733 | High | Jul 4, 2025
    risk 0.44 | cvss 7.9 | epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a…

  • CVE-2025-43864 | High | Apr 25, 2025
    risk 0.44 | cvss 7.5 | epss 0.24

    React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that…

  • CVE-2017-6628 | Medium | May 3, 2017
    risk 0.44 | cvss 6.8 | epss 0.02

    A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while…

  • CVE-2017-5664 | High | Jun 6, 2017
    risk 0.43 | cvss 7.5 | epss 0.17

    The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error…

  • CVE-2026-49235 | High | Jun 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.

  • CVE-2026-9516 | High | Jun 3, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json() advances the input scalar's string pointer past the mark with SvPV_set() and restores it…

  • CVE-2026-44325 | High | May 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over…

  • CVE-2026-44319 | High | May 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and…

  • CVE-2026-34065 | High | Apr 22, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed…