CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
686 vulnerabilities reference this CWE, most recent first.
GHSA-VXC2-696Q-6C9J
Vulnerability from github – Published: 2022-05-02 00:08 – Updated: 2024-02-15 21:31fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
{
"affected": [],
"aliases": [
"CVE-2008-4302"
],
"database_specific": {
"cwe_ids": [
"CWE-667",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-09-29T17:17:00Z",
"severity": "MODERATE"
},
"details": "fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.",
"id": "GHSA-vxc2-696q-6c9j",
"modified": "2024-02-15T21:31:23Z",
"published": "2022-05-02T00:08:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4302"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=462434"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45191"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10547"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=6a860c979b35469e4d77da781a96bdb2ca05ae64"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=6a860c979b35469e4d77da781a96bdb2ca05ae64"
},
{
"type": "WEB",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"type": "WEB",
"url": "http://lkml.org/lkml/2007/7/20/168"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32237"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32485"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32759"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1653"
},
{
"type": "WEB",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln31201.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/10"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/31201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXCG-RM55-QWQC
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
{
"affected": [],
"aliases": [
"CVE-2019-4722"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T14:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.",
"id": "GHSA-vxcg-rm55-qwqc",
"modified": "2022-05-24T19:03:48Z",
"published": "2022-05-24T19:03:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4722"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172128"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210622-0004"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6451705"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W2CM-PC9J-3M28
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
{
"affected": [],
"aliases": [
"CVE-2025-29826"
],
"database_specific": {
"cwe_ids": [
"CWE-280",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:52Z",
"severity": "HIGH"
},
"details": "Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.",
"id": "GHSA-w2cm-pc9j-3m28",
"modified": "2025-05-13T18:30:53Z",
"published": "2025-05-13T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29826"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29826"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W2JP-M4XR-VGR3
Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2022-09-08 00:00Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.
{
"affected": [],
"aliases": [
"CVE-2022-34368"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.",
"id": "GHSA-w2jp-m4xr-vgr3",
"modified": "2022-09-08T00:00:38Z",
"published": "2022-08-31T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34368"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000201652/dsa-2022-194-dell-emc-networker-security-update-for-insufficient-privileges-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W2QP-8FJ2-5G53
Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2022-05-14 00:03A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted.
{
"affected": [],
"aliases": [
"CVE-2022-20748"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-664",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-03T04:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted.",
"id": "GHSA-w2qp-8fj2-5g53",
"modified": "2022-05-14T00:03:41Z",
"published": "2022-05-04T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20748"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-amp-local-dos-CUfwRJXT"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-W447-F7MG-93M3
Vulnerability from github – Published: 2023-10-02 21:30 – Updated: 2024-03-15 18:30Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.
{
"affected": [],
"aliases": [
"CVE-2023-37605"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-02T19:15:10Z",
"severity": "MODERATE"
},
"details": "Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.",
"id": "GHSA-w447-f7mg-93m3",
"modified": "2024-03-15T18:30:35Z",
"published": "2023-10-02T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37605"
},
{
"type": "WEB",
"url": "https://medium.com/%40david_42/complex-password-vs-buffer-overflow-and-the-winner-is-decbc56db5e3"
},
{
"type": "WEB",
"url": "https://medium.com/@david_42/complex-password-vs-buffer-overflow-and-the-winner-is-decbc56db5e3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W4MM-46PM-FMVH
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2021-12-18 00:01In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-199922685
{
"affected": [],
"aliases": [
"CVE-2021-0969"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-199922685",
"id": "GHSA-w4mm-46pm-fmvh",
"modified": "2021-12-18T00:01:30Z",
"published": "2021-12-16T00:01:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0969"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W4P3-VCX6-GGV5
Vulnerability from github – Published: 2025-01-28 21:31 – Updated: 2025-01-28 21:31A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.
{
"affected": [],
"aliases": [
"CVE-2025-24478"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T19:15:14Z",
"severity": "HIGH"
},
"details": "A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.",
"id": "GHSA-w4p3-vcx6-ggv5",
"modified": "2025-01-28T21:31:03Z",
"published": "2025-01-28T21:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24478"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1718.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W73W-5M7G-F7QC
Vulnerability from github – Published: 2021-05-18 21:08 – Updated: 2024-05-20 19:26jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to golang-jwt at version 3.2.1
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/dgrijalva/jwt-go"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-20150717181359-44718f8a89b0"
},
{
"last_affected": "3.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/dgrijalva/jwt-go/v4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0-preview1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26160"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T20:54:59Z",
"nvd_published_at": "2020-09-30T18:15:00Z",
"severity": "HIGH"
},
"details": "jwt-go allows attackers to bypass intended access restrictions in situations with `[]string{}` for `m[\"aud\"]` (which is allowed by the specification). Because the type assertion fails, \"\" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to [golang-jwt](https://github.com/golang-jwt/jwt) at version 3.2.1",
"id": "GHSA-w73w-5m7g-f7qc",
"modified": "2024-05-20T19:26:26Z",
"published": "2021-05-18T21:08:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160"
},
{
"type": "WEB",
"url": "https://github.com/dgrijalva/jwt-go/issues/422"
},
{
"type": "WEB",
"url": "https://github.com/dgrijalva/jwt-go/issues/462"
},
{
"type": "WEB",
"url": "https://github.com/dgrijalva/jwt-go/pull/426"
},
{
"type": "WEB",
"url": "https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab"
},
{
"type": "PACKAGE",
"url": "https://github.com/dgrijalva/jwt-go"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2020-0017"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Authorization bypass in github.com/dgrijalva/jwt-go"
}
GHSA-W77X-QJ4R-HV89
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679.
{
"affected": [],
"aliases": [
"CVE-2017-13199"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-12T23:29:00Z",
"severity": "HIGH"
},
"details": "In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679.",
"id": "GHSA-w77x-qj4r-hv89",
"modified": "2022-05-13T01:43:06Z",
"published": "2022-05-13T01:43:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13199"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102414"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.