CWE-703
DiscouragedImproper Check or Handling of Exceptional Conditions
Abstraction: Pillar · Status: Incomplete
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
212 vulnerabilities reference this CWE, most recent first.
GHSA-PQ84-84HQ-CW86
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-24 15:30Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.
{
"affected": [],
"aliases": [
"CVE-2026-1996"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T18:16:22Z",
"severity": "MODERATE"
},
"details": "Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.",
"id": "GHSA-pq84-84hq-cw86",
"modified": "2026-02-24T15:30:27Z",
"published": "2026-02-10T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1996"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_14057472-14057502-16/hpsbpi04089"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PQJ7-JX24-WJ7W
Vulnerability from github – Published: 2023-05-11 19:40 – Updated: 2023-05-11 19:40Impact
Users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error.
Attempting to view the keyspace(s) will also no longer work.
Creating a shard using vtctldclient does not have the same problem because the CLI validates the input correctly.
Patches
v16.0.2, corresponding to 0.16.2 on pkg.go.dev
Workarounds
- Always use
vtctldclientto create shards, instead of using VTAdmin - Disable creating shards from VTAdmin using RBAC
- Delete the topology record for the offending shard using the client for your topology server. For example, if you created a shard called
a/bin keyspacecommerce, and you are running etcd, it can be deleted by doing something like
% etcdctl --endpoints "http://${ETCD_SERVER}" del /vitess/global/keyspaces/commerce/shards/a/b/Shard
References
https://github.com/vitessio/vitess/issues/12842
Found during a security audit sponsored by the CNCF and facilitated by OSTIF.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "vitess.io/vitess"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-29195"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-11T19:40:49Z",
"nvd_published_at": "2023-05-11T20:15:09Z",
"severity": "MODERATE"
},
"details": "### Impact\nUsers can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. \nAttempting to view the keyspace(s) will also no longer work.\nCreating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly.\n\n### Patches\nv16.0.2, corresponding to [0.16.2 on pkg.go.dev](https://pkg.go.dev/vitess.io/vitess@v0.16.2)\n\n### Workarounds\n- Always use `vtctldclient` to create shards, instead of using VTAdmin\n- Disable creating shards from VTAdmin using RBAC\n- Delete the topology record for the offending shard using the client for your topology server. For example, if you created a shard called `a/b` in keyspace `commerce`, and you are running etcd, it can be deleted by doing something like\n```\n% etcdctl --endpoints \"http://${ETCD_SERVER}\" del /vitess/global/keyspaces/commerce/shards/a/b/Shard\n```\n\n### References\nhttps://github.com/vitessio/vitess/issues/12842\n\nFound during a security audit sponsored by the [CNCF](https://cncf.io) and facilitated by [OSTIF](https://ostif.org).",
"id": "GHSA-pqj7-jx24-wj7w",
"modified": "2023-05-11T19:40:49Z",
"published": "2023-05-11T19:40:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29195"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"type": "PACKAGE",
"url": "https://github.com/vitessio/vitess"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "VTAdmin users that can create shards can deny access to other functions"
}
GHSA-PVGQ-2PR4-WXJ6
Vulnerability from github – Published: 2026-02-03 18:30 – Updated: 2026-02-11 18:31chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This allows remote unauthenticated attackers to access protected pages.customer database.
{
"affected": [],
"aliases": [
"CVE-2025-70758"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-03T18:16:18Z",
"severity": "HIGH"
},
"details": "chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This allows remote unauthenticated attackers to access protected pages.customer database.",
"id": "GHSA-pvgq-2pr4-wxj6",
"modified": "2026-02-11T18:31:25Z",
"published": "2026-02-03T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70758"
},
{
"type": "WEB",
"url": "https://github.com/XavLimSG/Vulnerability-Research/tree/main/CVE-2025-70758"
},
{
"type": "WEB",
"url": "https://github.com/chetans9/core-php-admin-panel"
},
{
"type": "WEB",
"url": "https://github.com/chetans9/core-php-admin-panel/blob/master/includes/auth_validate.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PVXC-5V6M-8CM2
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-19 21:31Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
{
"affected": [],
"aliases": [
"CVE-2025-13016"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T16:15:38Z",
"severity": "HIGH"
},
"details": "Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox \u003c 145 and Firefox ESR \u003c 140.5.",
"id": "GHSA-pvxc-5v6m-8cm2",
"modified": "2025-11-19T21:31:17Z",
"published": "2025-11-11T18:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13016"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992130"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX74-PRRR-J3JP
Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.
This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R2.
Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R3-S2-EVO; 22.1-EVO versions prior to 22.1R3-S3-EVO; 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; 22.3-EVO versions prior to 22.3R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2023-36849"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-14T18:15:10Z",
"severity": "MODERATE"
},
"details": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\n\nWhen a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions prior to 21.4R3-S3;\n22.1 versions prior to 22.1R3-S3;\n22.2 versions prior to 22.2R2-S1, 22.2R3;\n22.3 versions prior to 22.3R2.\n\nJuniper Networks Junos OS Evolved\n21.4-EVO versions prior to 21.4R3-S2-EVO;\n22.1-EVO versions prior to 22.1R3-S3-EVO;\n22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n22.3-EVO versions prior to 22.3R2-EVO.\n",
"id": "GHSA-px74-prrr-j3jp",
"modified": "2024-04-04T06:08:53Z",
"published": "2023-07-14T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36849"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA71660"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q7G2-V5XX-CMXX
Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-30 15:30In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548
{
"affected": [],
"aliases": [
"CVE-2023-21026"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "MODERATE"
},
"details": "In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548",
"id": "GHSA-q7g2-v5xx-cmxx",
"modified": "2023-03-30T15:30:20Z",
"published": "2023-03-24T21:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21026"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFC7-WQHW-2Q8R
Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2026-01-23 21:30Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2025-58153"
],
"database_specific": {
"cwe_ids": [
"CWE-667",
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T14:15:52Z",
"severity": "HIGH"
},
"details": "Under undisclosed traffic conditions along with conditions beyond the attacker\u0027s control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-qfc7-wqhw-2q8r",
"modified": "2026-01-23T21:30:39Z",
"published": "2025-10-15T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58153"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000151658"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QJH3-4J3H-VMWP
Vulnerability from github – Published: 2025-01-13 16:13 – Updated: 2025-01-14 21:07Summary
The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination.
Details
In method crl.(*FileCache).Set, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated notation cache directory thanks os.Rename. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on rename syscall from the libc and as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as Cross device link not permitted error.
Some Linux distribution, like RedHat use a dedicated filesystem (tmpfs), mounted on a specific mountpoint (usually /tmp) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash notation.
PoC
- Ensure that the temporary file storage area (e.g., /tmp) is mounted on a different mount point than the user's 'notation' cache directory.
- Either disable the Online Certificate Status Protocol (OCSP) revocation check, or utilize certificates that exclusively support Certificate Revocation Lists (CRLs) for revocation check.
- Try to verify a previously generated signature using the 'notation' tool.
Impact
The signature verification process is aborted as process crashes.
Remediation
The cache file should be created, written, then copied to the wanted final location, and finally removed. Additionally, this error shouldn't lead to a crash as it is not fatal and shouldn't prevent the rest of the program to properly continue
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/notaryproject/notation-go"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.0-rc.1"
},
{
"fixed": "1.3.0-rc.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.3.0-rc.1"
]
}
],
"aliases": [
"CVE-2024-51491"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-13T16:13:59Z",
"nvd_published_at": "2025-01-13T22:15:13Z",
"severity": "LOW"
},
"details": "### Summary\nThe issue was identified during Quarkslab\u0027s security audit on the Certificate Revocation List (CRL) based revocation check feature.\nAfter retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination.\n\n### Details\n\nIn method `crl.(*FileCache).Set`, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated `notation` cache directory thanks `os.Rename`. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on `rename` syscall from the libc and as per the [documentation](https://man7.org/linux/man-pages/man2/rename.2.html), moving a file to a different mountpoint raises an `EXDEV` error, interpreted as `Cross device link not permitted error`.\nSome Linux distribution, like `RedHat` use a dedicated filesystem (`tmpfs`), mounted on a specific mountpoint (usually `/tmp`) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash `notation`. \n\n### PoC\n1. Ensure that the temporary file storage area (e.g., /tmp) is mounted on a different mount point than the user\u0027s \u0027notation\u0027 cache directory.\n2. Either disable the Online Certificate Status Protocol (OCSP) revocation check, or utilize certificates that exclusively support Certificate Revocation Lists (CRLs) for revocation check.\n3. Try to verify a previously generated signature using the \u0027notation\u0027 tool.\n\n### Impact\nThe signature verification process is aborted as process crashes.\n\n### Remediation\nThe cache file should be created, written, then copied to the wanted final location, and finally removed. Additionally, this error shouldn\u0027t lead to a crash as it is not fatal and shouldn\u0027t prevent the rest of the program to properly continue\n",
"id": "GHSA-qjh3-4j3h-vmwp",
"modified": "2025-01-14T21:07:52Z",
"published": "2025-01-13T16:13:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/notaryproject/notation-go/security/advisories/GHSA-qjh3-4j3h-vmwp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51491"
},
{
"type": "WEB",
"url": "https://github.com/notaryproject/notation-go/commit/3c3302258ad510fbca2f8a73731569d91f07d196"
},
{
"type": "PACKAGE",
"url": "https://github.com/notaryproject/notation-go"
},
{
"type": "WEB",
"url": "https://man7.org/linux/man-pages/man2/rename.2.html"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3382"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "notation-go has an OS error when setting CRL cache leads to denial of signature verification"
}
GHSA-QM62-5PC4-C833
Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2025-05-14 18:30The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.
{
"affected": [],
"aliases": [
"CVE-2022-41589"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T16:15:00Z",
"severity": "HIGH"
},
"details": "The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.",
"id": "GHSA-qm62-5pc4-c833",
"modified": "2025-05-14T18:30:34Z",
"published": "2022-10-14T19:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41589"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/10"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVJG-564F-22C8
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2025-10-22 00:32An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
{
"affected": [],
"aliases": [
"CVE-2021-25372"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-26T19:15:00Z",
"severity": "HIGH"
},
"details": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.",
"id": "GHSA-qvjg-564f-22c8",
"modified": "2025-10-22T00:32:05Z",
"published": "2022-05-24T17:45:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25372"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25372"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.