CWE-755
Improper Handling of Exceptional Conditions
Description
The product does not handle or incorrectly handles an exceptional condition.
CVEs mapped to this weakness (140)
Page 6 of 7

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28631 | — | | 0.00 | — | 0.01 | | Mar 28, 2023 | comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via… |
| CVE-2023-27595 | | | 0.00 | — | 0.01 | | Mar 17, 2023 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's… |
| CVE-2023-26479 | | | 0.00 | — | 0.01 | | Mar 2, 2023 | XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages become unusable, including the user index (if the page containing the faulty content… |
| CVE-2022-23495 | — | | 0.00 | — | 0.01 | | Dec 8, 2022 | go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error… |
| CVE-2022-23496 | | | 0.00 | — | 0.01 | | Dec 8, 2022 | Yet Another UserAgent Analyzer (Yauaa) is a Java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library… |
| CVE-2022-41777 | | | 0.00 | — | 0.01 | | Dec 5, 2022 | Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. |
| CVE-2022-39271 | | | 0.00 | — | 0.01 | | Oct 11, 2022 | Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal… |
| CVE-2022-3175 | — | | 0.00 | — | 0.01 | | Sep 13, 2022 | Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. |
| CVE-2022-31152 | | | 0.00 | — | 0.01 | | Sep 2, 2022 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an… |
| CVE-2022-36031 | | | 0.00 | — | 0.01 | | Aug 19, 2022 | Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been… |
| CVE-2022-31799 | — | | 0.00 | — | 0.02 | | May 29, 2022 | Bottle before 0.12.20 mishandles errors during early request binding. |
| CVE-2022-24863 | | | 0.00 | — | 0.02 | | Apr 18, 2022 | http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory… |
| CVE-2022-24615 | | | 0.00 | — | 0.01 | | Feb 24, 2022 | zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library. |
| CVE-2022-24613 | — | | 0.00 | — | 0.01 | | Feb 24, 2022 | metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library. |
| CVE-2022-21676 | | | 0.00 | — | 0.03 | | Jan 12, 2022 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the… |
| CVE-2022-21667 | | | 0.00 | — | 0.02 | | Jan 7, 2022 | soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even… |
| CVE-2021-39187 | | | 0.00 | — | 0.02 | | Sep 2, 2021 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver… |
| CVE-2021-39157 | | | 0.00 | — | 0.02 | | Aug 24, 2021 | detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding… |
| CVE-2021-23429 | — | | 0.00 | — | 0.01 | | Aug 24, 2021 | All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function. |
| CVE-2021-30639 | — | | 0.00 | — | 0.07 | | Jul 12, 2021 | A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests.… |