Common Weakness Enumeration

CWE-248

Allowed

Uncaught Exception

Abstraction: Base · Status: Draft

An exception is thrown from a function, but it is not caught.

422 vulnerabilities reference this CWE, most recent first.

GHSA-M52V-24P8-654F

Vulnerability from github – Published: 2024-11-22 20:11 – Updated: 2024-11-22 20:11
VLAI
Summary
SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Details

Sorting table records using an ORDER BY clause with the rand() function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent change in Rust 1.81.

Impact

A client that is authorized to run queries in a SurrealDB server would be able to query a table with ORDER BY rand() in order to potentially cause a panic in the sorting function. This would crash the server, leading to denial of service.

Patches

The sorting algorithm has been updated to guarantee total order when shuffling records.

  • Version 2.1.0 and later are not affected by this issue.

Workarounds

Affected users who are unable to update may want to limit the ability of untrusted clients to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB administrators may also want to ensure that the SurrealDB process is running so that it can be automatically re-started after a crash.

References

  • https://github.com/surrealdb/surrealdb/issues/4969
  • https://github.com/surrealdb/surrealdb/pull/4989
  • https://github.com/surrealdb/surrealdb/pull/4805
  • https://github.com/surrealdb/surrealdb/pull/4906
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "surrealdb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "surrealdb-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-22T20:11:48Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Sorting table records using an `ORDER BY` clause with the `rand()` function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent [change in Rust 1.81](https://blog.rust-lang.org/2024/09/05/Rust-1.81.0.html#new-sort-implementations).\n\n### Impact\n\nA client that is authorized to run queries in a SurrealDB server would be able to query a table with `ORDER BY rand()` in order to potentially cause a panic in the sorting function. This would crash the server, leading to denial of service.\n\n### Patches\n\nThe sorting algorithm has been updated to guarantee total order when shuffling records.\n\n- Version 2.1.0 and later are not affected by this issue.\n\n### Workarounds\n\nAffected users who are unable to update may want to limit the ability of untrusted clients to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB administrators may also want to ensure that the SurrealDB process is running so that it can be automatically re-started after a crash.\n\n### References\n\n- https://github.com/surrealdb/surrealdb/issues/4969\n- https://github.com/surrealdb/surrealdb/pull/4989\n- https://github.com/surrealdb/surrealdb/pull/4805\n- https://github.com/surrealdb/surrealdb/pull/4906",
  "id": "GHSA-m52v-24p8-654f",
  "modified": "2024-11-22T20:11:48Z",
  "published": "2024-11-22T20:11:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/surrealdb/surrealdb/security/advisories/GHSA-m52v-24p8-654f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/surrealdb/surrealdb/issues/4969"
    },
    {
      "type": "WEB",
      "url": "https://github.com/surrealdb/surrealdb/pull/4805"
    },
    {
      "type": "WEB",
      "url": "https://github.com/surrealdb/surrealdb/pull/4906"
    },
    {
      "type": "WEB",
      "url": "https://github.com/surrealdb/surrealdb/pull/4989"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/surrealdb/surrealdb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SurrealDB has an Uncaught Exception Sorting Tables by Random Order"
}

GHSA-M72M-MHQ2-9P6C

Vulnerability from github – Published: 2021-08-23 19:42 – Updated: 2022-02-08 20:59
VLAI
Summary
Uncaught Exception in jsoup
Details

Impact

What kind of vulnerability is it? Who is impacted? Those using jsoup to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack.

Patches

Has the problem been patched? What versions should users upgrade to? Users should upgrade to jsoup 1.14.2

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? Users may rate limit input parsing. Users should limit the size of inputs based on system resources. Users should implement thread watchdogs to cap and timeout parse runtimes.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jsoup:jsoup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T17:20:30Z",
    "nvd_published_at": "2021-08-18T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nThose using jsoup to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nUsers should upgrade to jsoup 1.14.2\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nUsers may rate limit input parsing. Users should limit the size of inputs based on system resources. Users should implement thread watchdogs to cap and timeout parse runtimes.\n",
  "id": "GHSA-m72m-mhq2-9p6c",
  "modified": "2022-02-08T20:59:16Z",
  "published": "2021-08-23T19:42:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jhy/jsoup"
    },
    {
      "type": "WEB",
      "url": "https://jsoup.org/news/release-1.14.1"
    },
    {
      "type": "WEB",
      "url": "https://jsoup.org/news/release-1.14.2"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0@%3Cissues.maven.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e@%3Cissues.maven.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7@%3Cissues.maven.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e@%3Cissues.maven.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b@%3Cnotifications.james.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe@%3Cnotifications.james.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa@%3Cnotifications.james.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220210-0022"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncaught Exception in jsoup"
}

GHSA-M744-JHQ9-PPW6

Vulnerability from github – Published: 2026-06-19 20:46 – Updated: 2026-06-19 20:46
VLAI
Summary
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
Details

Impact

A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic.

Preconditions

The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no authentication is required.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

Only allow authenticated writes to a topic

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CoreWCF.Kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CoreWCF.Kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "1.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-754",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T20:46:49Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nA CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic.\n\n#### Preconditions\nThe attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no authentication is required. \n\n### Patches\nFixed in CoreWCF v1.8.1 and v1.9.1\n\n### Workarounds\nOnly allow authenticated writes to a topic",
  "id": "GHSA-m744-jhq9-ppw6",
  "modified": "2026-06-19T20:46:49Z",
  "published": "2026-06-19T20:46:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-m744-jhq9-ppw6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/CoreWCF/CoreWCF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service."
}

GHSA-M758-WJHJ-P3JQ

Vulnerability from github – Published: 2026-04-09 20:22 – Updated: 2026-04-24 21:03
VLAI
Summary
Wasmtime has a possible panic when lifting `flags` component value
Details

Impact

Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This panic only affects wasmtime's implementation of lifting into Val, not when using the flags! macro. This additionally only affects flags-typed values which are part of a WIT interface.

This has the risk of being a guest-controlled panic within the host which Wasmtime considers a DoS vector.

Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.

Workarounds

There is no workaround for this bug if a host meets the criteria to be affected. To be affected a host must be using wasmtime::component::Val and possibly work with a flags type in the component model.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "24.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "25.0.0"
            },
            {
              "fixed": "36.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "37.0.0"
            },
            {
              "fixed": "42.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "43.0.0"
            },
            {
              "fixed": "43.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "43.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-09T20:22:34Z",
    "nvd_published_at": "2026-04-09T19:16:24Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWasmtime contains a possible panic which can happen when a `flags`-typed component model value is lifted with the `Val` type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This panic only affects wasmtime\u0027s implementation of lifting into `Val`, not when using the `flags!` macro. This additionally only affects `flags`-typed values which are part of a WIT interface. \n\nThis has the risk of being a guest-controlled panic within the host which Wasmtime considers a DoS vector.\n\n### Patches\n\nWasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.\n\n### Workarounds\n\nThere is no workaround for this bug if a host meets the criteria to be affected. To be affected a host must be using `wasmtime::component::Val` and possibly work with a `flags` type in the component model.",
  "id": "GHSA-m758-wjhj-p3jq",
  "modified": "2026-04-24T21:03:43Z",
  "published": "2026-04-09T20:22:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34943"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bytecodealliance/wasmtime"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0085.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Wasmtime has a possible panic when lifting `flags` component value"
}

GHSA-M8VH-V6R6-W7P6

Vulnerability from github – Published: 2025-12-02 00:46 – Updated: 2025-12-02 00:46
VLAI
Summary
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
Details

Endpoint: admin/config/system
Submenu: Languages
Parameter: Supported
Application: Grav v 1.7.48


Summary

A Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value is inserted—such as a single forward slash (/) or an XSS test string—it causes a fatal regular expression parsing error on the server.

This leads to application-wide failure due to the use of the preg_match() function with an improperly constructed regular expression, resulting in the following error:

preg_match(): Unknown modifier 'o' File: /system/src/Grav/Common/Language/Language.php line 244

Once triggered, the site becomes completely unavailable to all users.


Details

  • Vulnerable Endpoint: POST /admin/config/system

  • Submenu: Languages

  • Parameter: Supported

The application dynamically constructs a regular expression using the contents of the Supported field without escaping the input using preg_quote() or proper validation. This allows attackers to inject invalid syntax into the regex engine, crashing the application during language resolution.

Stack trace excerpt:

Whoops \ Exception \ ErrorException (E_WARNING) preg_match(): Unknown modifier 'o' /system/src/Grav/Common/Language/Language.php244


Proof of Concept (PoC)

Payloads:

/

Steps to Reproduce:

  1. Log into the Grav Admin Panel.

  2. Navigate to: ConfigurationSystemLanguages.

  3. Locate the Supported field.

  4. Insert one of the payloads above (e.g., a single slash /).

  5. Click Save.

Pasted image 20250719183223

  1. Observe: All pages in the application begin throwing a fatal error and become inaccessible.

Pasted image 20250719175229


Impact

  • Application-wide Denial of Service (DoS)

  • All login and admin views crash with the same error

  • Potentially exploitable by:

    • Admin panel users

    • CSRF if misconfigured


References

  • CWE-1333: Improper Regular Expression

  • CWE-20: Improper Input Validation

Discoverer

Marcelo Queiroz

by CVE-Hunters

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0-beta.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T00:46:05Z",
    "nvd_published_at": "2025-12-01T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "**Endpoint**: `admin/config/system`  \n**Submenu**: `Languages`  \n**Parameter**: `Supported`  \n**Application**: Grav v 1.7.48\n\n---\n\n## Summary\n\nA Denial of Service (DoS) vulnerability was identified in the **\"Languages\"** submenu of the Grav **admin configuration panel** (`/admin/config/system`). Specifically, the `Supported` parameter fails to properly validate user input. If a malformed value is inserted\u2014such as a single forward slash (`/`) or an XSS test string\u2014it causes a fatal regular expression parsing error on the server.\n\nThis leads to application-wide failure due to the use of the `preg_match()` function with an **improperly constructed regular expression**, resulting in the following error:\n\n`preg_match(): Unknown modifier \u0027o\u0027 File: /system/src/Grav/Common/Language/Language.php line 244`\n\nOnce triggered, the site becomes completely unavailable to all users.\n\n---\n\n## Details\n\n- **Vulnerable Endpoint**: `POST /admin/config/system`\n    \n- **Submenu**: `Languages`\n    \n- **Parameter**: `Supported`  \n    \n\nThe application dynamically constructs a regular expression using the contents of the `Supported` field without escaping the input using `preg_quote()` or proper validation. This allows attackers to inject invalid syntax into the regex engine, crashing the application during language resolution.\n\n**Stack trace excerpt**:\n\n`Whoops \\ Exception \\ ErrorException (E_WARNING) preg_match(): Unknown modifier \u0027o\u0027 /system/src/Grav/Common/Language/Language.php244`\n\n---\n\n## Proof of Concept (PoC)\n\n### Payloads:\n\n`/ `\n\n### Steps to Reproduce:\n\n1. Log into the Grav Admin Panel.\n    \n2. Navigate to: **Configuration** \u2192 **System** \u2192 **Languages**.\n    \n3. Locate the `Supported` field.\n    \n4. Insert one of the payloads above (e.g., a single slash `/`).\n    \n5. Click **Save**.\n\n\u003cimg width=\"1897\" height=\"639\" alt=\"Pasted image 20250719183223\" src=\"https://github.com/user-attachments/assets/d3a54a20-d30d-46c6-9015-722f80701cfb\" /\u003e\n\n1. Observe: All pages in the application begin throwing a fatal error and become inaccessible.\n\n\u003cimg width=\"1802\" height=\"998\" alt=\"Pasted image 20250719175229\" src=\"https://github.com/user-attachments/assets/b16750c2-507f-4c30-a9bb-d07fa92bb777\" /\u003e\n\n---\n\n## Impact\n\n- Application-wide Denial of Service (DoS)\n    \n- All login and admin views crash with the same error\n    \n- Potentially exploitable by:\n    \n    - Admin panel users\n        \n    - CSRF if misconfigured        \n    \n\n---\n\n## References\n\n- **CWE-1333**: Improper Regular Expression\n    \n- **CWE-20**: Improper Input Validation\n\n\n## Discoverer\n\n[Marcelo Queiroz](www.linkedin.com/in/marceloqueirozjr) \n\nby [CVE-Hunters](https://github.com/Sec-Dojo-Cyber-House/cve-hunters)",
  "id": "GHSA-m8vh-v6r6-w7p6",
  "modified": "2025-12-02T00:46:05Z",
  "published": "2025-12-02T00:46:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-m8vh-v6r6-w7p6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66305"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getgrav/grav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Grav vulnerable to Denial of Service via Improper Input Handling in \u0027Supported\u0027 Parameter"
}

GHSA-M9X3-4G44-FW28

Vulnerability from github – Published: 2025-04-07 06:30 – Updated: 2025-04-07 15:31
VLAI
Details

In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T04:15:20Z",
    "severity": "HIGH"
  },
  "details": "In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773.",
  "id": "GHSA-m9x3-4g44-fw28",
  "modified": "2025-04-07T15:31:16Z",
  "published": "2025-04-07T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20664"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/April-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFFW-J524-MRJP

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.",
  "id": "GHSA-mffw-j524-mrjp",
  "modified": "2022-05-24T17:36:16Z",
  "published": "2022-05-24T17:36:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15796"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MHGM-R3R5-6CWP

Vulnerability from github – Published: 2025-04-14 12:30 – Updated: 2025-10-28 18:30
VLAI
Details

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually.  Similar effect might be achieved when a user tries to change platform language to an unimplemented one. This vulnerability has been patched in version 79.0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-14T12:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually.\u00a0\nSimilar effect might be achieved when\u00a0a user tries to change platform language to an unimplemented one.\nThis vulnerability has been patched in version 79.0",
  "id": "GHSA-mhgm-r3r5-6cwp",
  "modified": "2025-10-28T18:30:25Z",
  "published": "2025-04-14T12:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49705"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/04/CVE-2024-10087"
    },
    {
      "type": "WEB",
      "url": "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MJV8-W698-V8WQ

Vulnerability from github – Published: 2025-04-07 06:30 – Updated: 2025-04-07 15:31
VLAI
Details

In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T04:15:20Z",
    "severity": "HIGH"
  },
  "details": "In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031.",
  "id": "GHSA-mjv8-w698-v8wq",
  "modified": "2025-04-07T15:31:16Z",
  "published": "2025-04-07T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20663"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/April-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJW4-JJ88-V687

Vulnerability from github – Published: 2024-07-09 14:13 – Updated: 2024-11-18 16:26
VLAI
Summary
panic on parsing crafted phonenumber inputs
Details

Impact

The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string.

In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form +dwPAA;phone-context=AA, where the "number" part potentially parses as a number larger than 2^56.

Since f69abee1/0.3.4/#52.

0.2.x series is not affected.

Patches

Upgrade to 0.3.6 or higher.

Workarounds

n/a

References

Whereas https://github.com/whisperfish/rust-phonenumber/issues/69 did not provide an example code path, property testing found a few: +dwPAA;phone-context=AA.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "phonenumber"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.4"
            },
            {
              "fixed": "0.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-248",
      "CWE-392"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-09T14:13:48Z",
    "nvd_published_at": "2024-07-09T15:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nThe phonenumber parsing code may panic due to a reachable `assert!` guard on the phonenumber string.\n\nIn a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the \"number\" part potentially parses as a number larger than 2^56.\n\nSince f69abee1/0.3.4/#52.\n\n0.2.x series is not affected.\n\n### Patches\nUpgrade to 0.3.6 or higher.\n\n### Workarounds\nn/a\n\n### References\nWhereas https://github.com/whisperfish/rust-phonenumber/issues/69 did not provide an example code path, property testing found a few: `+dwPAA;phone-context=AA`.\n",
  "id": "GHSA-mjw4-jj88-v687",
  "modified": "2024-11-18T16:26:50Z",
  "published": "2024-07-09T14:13:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39697"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/issues/69"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/pull/52"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/whisperfish/rust-phonenumber"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0369.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "panic on parsing crafted phonenumber inputs"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.