VYPR

CWE-755

Improper Handling of Exceptional Conditions

Class · Incomplete · Likelihood: Medium

Description

The product does not handle or incorrectly handles an exceptional condition.

Hierarchy (View 1000)

CVEs mapped to this weakness (140)

page 6 of 7
  • CVE-2023-28631 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.01

    comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via…

  • CVE-2023-27595 · Mar 17, 2023
    risk 0.00 · cvss · epss 0.01

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's…

  • CVE-2023-26479 · Mar 2, 2023
    risk 0.00 · cvss · epss 0.01

    XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages become unusable, including the user index (if the page containing the faulty content…

  • CVE-2022-23495 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.01

    go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error…

  • CVE-2022-23496 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.01

    Yet Another UserAgent Analyzer (Yauaa) is a Java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library…

  • CVE-2022-41777 · Dec 5, 2022
    risk 0.00 · cvss · epss 0.01

    Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

  • CVE-2022-39271 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal…

  • CVE-2022-3175 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.01

    Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2.

  • CVE-2022-31152 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.01

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an…

  • CVE-2022-36031 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.01

    Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been…

  • CVE-2022-31799 · May 29, 2022
    risk 0.00 · cvss · epss 0.02

    Bottle before 0.12.20 mishandles errors during early request binding.

  • CVE-2022-24863 · Apr 18, 2022
    risk 0.00 · cvss · epss 0.02

    http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory…

  • CVE-2022-24615 · Feb 24, 2022
    risk 0.00 · cvss · epss 0.01

    zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.

  • CVE-2022-24613 · Feb 24, 2022
    risk 0.00 · cvss · epss 0.01

    metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.

  • CVE-2022-21676 · Jan 12, 2022
    risk 0.00 · cvss · epss 0.03

    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the…

  • CVE-2022-21667 · Jan 7, 2022
    risk 0.00 · cvss · epss 0.02

    soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even…

  • CVE-2021-39187 · Sep 2, 2021
    risk 0.00 · cvss · epss 0.02

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver…

  • CVE-2021-39157 · Aug 24, 2021
    risk 0.00 · cvss · epss 0.02

    detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding…

  • CVE-2021-23429 · Aug 24, 2021
    risk 0.00 · cvss · epss 0.01

    All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.

  • CVE-2021-30639 · Jul 12, 2021
    risk 0.00 · cvss · epss 0.07

    A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests.…