CWE-755: Improper Handling of Exceptional Conditions
533 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-755 (page 10 of 11)
- CVE-2023-42578 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-05
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.
- CVE-2023-43087 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-11-02
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.
- CVE-2023-43251 | HIGH | CVSS 7.8 | EG 7.8 | 2023-10-19
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
- CVE-2023-44186 | HIGH | CVSS 7.5 | EG 7.5 | 2023-10-11
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes,…
- CVE-2023-44488 | HIGH | CVSS 7.5 | EG 7.5 | 2023-09-30
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
- CVE-2023-4537 | HIGH | CVSS 7.4 | EG 7.4 | 2024-02-15
Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 throug…
- CVE-2023-4540 | HIGH | CVSS 7.5 | EG 7.5 | 2023-09-05
Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request …
- CVE-2023-45820 | MEDIUM | CVSS 5.9 | EG 5.9 | 2023-10-19
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user …
- CVE-2023-46297 | MEDIUM | CVSS 5.1 | EG 5.1 | 2024-05-29
An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not…
- CVE-2023-46673 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-11-22
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
- CVE-2023-48232 | LOW | CVSS 3.9 | EG 3.9 | 2023-11-16
Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a wind…
- CVE-2023-50019 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-01-02
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.
- CVE-2023-50212 | MEDIUM | CVSS 6.5 | EG 4.3 | 2024-05-03
D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Au…
- CVE-2023-50728 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-15
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the err…
- CVE-2023-5090 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-11-06
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
- CVE-2023-52075 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-27
ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasi…
- CVE-2023-5824 | HIGH | CVSS 7.5 | EG 7.5 | 2023-11-03
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the wor…
- CVE-2023-6267 | HIGH | CVSS 8.6 | EG 8.6 | 2024-01-25
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and appli…
- CVE-2023-6599 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-08
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
- CVE-2023-6866 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-19
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.
- CVE-2024-0108 | HIGH | CVSS 8.7 | EG 8.7 | 2024-08-08
NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, a…
- CVE-2024-12236 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-12-10
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventin…
- CVE-2024-20699 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-01-09
Windows Hyper-V Denial of Service Vulnerability
- CVE-2024-20894 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-07-02
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
- CVE-2024-21585 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-01-12
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's contro…
- CVE-2024-21587 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-01-12
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeat…
- CVE-2024-21610 | MEDIUM | CVSS 4.3 | EG 5.3 | 2024-04-12
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).…
- CVE-2024-21907 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-03
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial o…
- CVE-2024-23325 | HIGH | CVSS 7.5 | EG 7.5 | 2024-02-09
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with pr…
- CVE-2024-23609 | HIGH | CVSS 7.8 | EG 7.8 | 2024-03-11
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior ver…
- CVE-2024-23612 | HIGH | CVSS 7.8 | EG 7.8 | 2024-03-11
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior ver…
- CVE-2024-26584 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-21
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} …
- CVE-2024-26911 | LOW | CVSS 3.3 | EG 3.3 | 2024-04-17
In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root cause…
- CVE-2024-27442 | HIGH | CVSS 7.8 | EG 7.8 | 2024-08-12
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can …
- CVE-2024-27662 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-02-29
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a null pointer dereference in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-28869 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-12
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerabilit…
- CVE-2024-29748 | HIGH | CVSS 7.8 | EG 7.8 | ⚠ KEV | 2024-04-05
There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2024-30380 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-16
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sendi…
- CVE-2024-30382 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-12
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing…
- CVE-2024-3150 | HIGH | CVSS 8.8 | EG 8.1 | 2024-06-06
In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling…
- CVE-2024-3152 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-06
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, rea…
- CVE-2024-32000 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-12
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID th…
- CVE-2024-32001 | LOW | CVSS 2.2 | EG 2.2 | 2024-04-10
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return…
- CVE-2024-32652 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-19
The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that ca…
- CVE-2024-34638 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-09-04
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
- CVE-2024-34639 | MEDIUM | CVSS 4.6 | EG 4.6 | 2024-09-04
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
- CVE-2024-34750 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-03
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscountin…
- CVE-2024-36112 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-05-28
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`…
- CVE-2024-36730 | HIGH | CVSS 7.5 | EG 7.5 | 2024-06-06
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.
- CVE-2024-39525 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-09
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rp…