CWE-754
Allowed-with-ReviewImproper Check for Unusual or Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
905 vulnerabilities reference this CWE, most recent first.
GHSA-GHC9-27WR-4W58
Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:37An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.
When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.
This issue affects Juniper Networks Junos OS Evolved:
- All versions prior to 20.4R3-S8-EVO;
- 21.1-EVO version 21.1R1-EVO and later;
- 21.2-EVO versions prior to 21.2R3-S6-EVO;
- 21.3-EVO version 21.3R1-EVO and later;
- 21.4-EVO versions prior to 21.4R3-S3-EVO;
- 22.1-EVO versions prior to 22.1R3-S4-EVO;
- 22.2-EVO versions prior to 22.2R3-S3-EVO;
- 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;
- 22.4-EVO versions prior to 22.4R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2023-44196"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-13T00:15:12Z",
"severity": "MODERATE"
},
"details": "\nAn Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later;\n * 21.2-EVO versions prior to 21.2R3-S6-EVO;\n * 21.3-EVO version 21.3R1-EVO and later;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-S4-EVO;\n * 22.2-EVO versions prior to 22.2R3-S3-EVO;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n",
"id": "GHSA-ghc9-27wr-4w58",
"modified": "2024-04-04T08:37:09Z",
"published": "2023-10-13T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44196"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA73162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJCG-VRXG-XMGV
Vulnerability from github – Published: 2021-09-10 17:54 – Updated: 2021-09-10 16:32Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event.
Impact
This can lead to a DoS in the presence of untrusted upstream servers.
Patches
0.15.1 contains an upgraded envoy binary with this vulnerability patched.
Workarounds
If only trusted upstreams are configured, there is not substantial risk of this condition being triggered.
References
envoy GSA envoy CVE envoy announcement
For more information
If you have any questions or comments about this advisory: * Open an issue in pomerium/pomerium * Email us at security@pomerium.com
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/pomerium/pomerium"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.15.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39162"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-10T16:32:16Z",
"nvd_published_at": "2021-09-09T22:15:00Z",
"severity": "HIGH"
},
"details": "Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. \n\n### Impact\nThis can lead to a DoS in the presence of untrusted *upstream* servers.\n\n### Patches\n0.15.1 contains an upgraded envoy binary with this vulnerability patched.\n\n### Workarounds\nIf only trusted upstreams are configured, there is not substantial risk of this condition being triggered.\n\n### References\n[envoy GSA](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8)\n[envoy CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32780)\n[envoy announcement](https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [pomerium/pomerium](https://github.com/pomerium/pomerium/issues)\n* Email us at [security@pomerium.com](mailto:security@pomerium.com)\n\n",
"id": "GHSA-gjcg-vrxg-xmgv",
"modified": "2021-09-10T16:32:16Z",
"published": "2021-09-10T17:54:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
},
{
"type": "WEB",
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39162"
},
{
"type": "PACKAGE",
"url": "https://github.com/pomerium/pomerium"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect handling of H2 GOAWAY + SETTINGS frames"
}
GHSA-GJPM-6W34-PPVF
Vulnerability from github – Published: 2025-08-11 21:31 – Updated: 2025-09-24 17:06Mattermost Confluence Plugin versions < 1.5.0 fails to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the server webhook endpoint with an invalid request body.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-plugin-confluence"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54463"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-11T23:58:21Z",
"nvd_published_at": "2025-08-11T19:15:30Z",
"severity": "MODERATE"
},
"details": "Mattermost Confluence Plugin versions \u003c 1.5.0 fails to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the server webhook endpoint with an invalid request body.",
"id": "GHSA-gjpm-6w34-ppvf",
"modified": "2025-09-24T17:06:17Z",
"published": "2025-08-11T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54463"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost-plugin-confluence"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3866"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions"
}
GHSA-GM6C-GR8H-R4HG
Vulnerability from github – Published: 2026-03-11 15:31 – Updated: 2026-03-11 15:31Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2026-30900"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-11T15:16:29Z",
"severity": "HIGH"
},
"details": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.",
"id": "GHSA-gm6c-gr8h-r4hg",
"modified": "2026-03-11T15:31:52Z",
"published": "2026-03-11T15:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30900"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GM94-VR86-WGQV
Vulnerability from github – Published: 2024-12-27 12:30 – Updated: 2025-10-22 00:33A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
{
"affected": [],
"aliases": [
"CVE-2024-3393"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:17Z",
"severity": "HIGH"
},
"details": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.",
"id": "GHSA-gm94-vr86-wgqv",
"modified": "2025-10-22T00:33:12Z",
"published": "2024-12-27T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3393"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-3393"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3393"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-GMCH-57W2-PJ7Q
Vulnerability from github – Published: 2022-12-26 06:30 – Updated: 2023-01-05 06:30An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.
{
"affected": [],
"aliases": [
"CVE-2021-44856"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-26T06:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.",
"id": "GHSA-gmch-57w2-pj7q",
"modified": "2023-01-05T06:30:22Z",
"published": "2022-12-26T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44856"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T271037"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GP64-4CCQ-3VPW
Vulnerability from github – Published: 2023-04-18 00:32 – Updated: 2024-04-04 03:31An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. If the combined level of the applicable traffic exceeds the specified level, the switch drops packets for the controlled traffic types. This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.
{
"affected": [],
"aliases": [
"CVE-2023-28965"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-17T22:15:08Z",
"severity": "HIGH"
},
"details": "An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. If the combined level of the applicable traffic exceeds the specified level, the switch drops packets for the controlled traffic types. This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.",
"id": "GHSA-gp64-4ccq-3vpw",
"modified": "2024-04-04T03:31:23Z",
"published": "2023-04-18T00:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28965"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA70589"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV26-JPJ9-C8GQ
Vulnerability from github – Published: 2022-03-18 17:52 – Updated: 2024-11-13 16:11Impact
Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data:
import tensorflow as tf
a_indices = tf.ones([45, 92], dtype=tf.int64)
a_values = tf.ones([45], dtype=tf.int64)
a_shape = tf.ones([1], dtype=tf.int64)
b_indices = tf.ones([1, 1], dtype=tf.int64)
b_values = tf.ones([1], dtype=tf.int64)
b_shape = tf.ones([1], dtype=tf.int64)
tf.raw_ops.SparseSparseMinimum(a_indices=a_indices,
a_values=a_values,
a_shape=a_shape,
b_indices=b_indices,
b_values=b_values,
b_shape=b_shape)
The implementation has a large set of validation for the two sparse tensor inputs (6 tensors in total), but does not validate that the tensors are not empty or that the second dimension of *_indices matches the size of corresponding *_shape. This allows attackers to send tensor triples that represent invalid sparse tensors to abuse code assumptions that are not protected by validation.
Patches
We have patched the issue in GitHub commit ba6822bd7b7324ba201a28b2f278c29a98edbef2 followed by GitHub commit f6fde895ef9c77d848061c0517f19d0ec2682f3a.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29607"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T22:18:43Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nIncomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data:\n\n```python \nimport tensorflow as tf\n\na_indices = tf.ones([45, 92], dtype=tf.int64)\na_values = tf.ones([45], dtype=tf.int64)\na_shape = tf.ones([1], dtype=tf.int64)\nb_indices = tf.ones([1, 1], dtype=tf.int64)\nb_values = tf.ones([1], dtype=tf.int64)\nb_shape = tf.ones([1], dtype=tf.int64)\n \ntf.raw_ops.SparseSparseMinimum(a_indices=a_indices,\n a_values=a_values,\n a_shape=a_shape,\n b_indices=b_indices,\n b_values=b_values,\n b_shape=b_shape)\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/sparse_sparse_binary_op_shared.cc) has a large set of validation for the two sparse tensor inputs (6 tensors in total), but does not validate that the tensors are not empty or that the second dimension of `*_indices` matches the size of corresponding `*_shape`. This allows attackers to send tensor triples that represent invalid sparse tensors to abuse code assumptions that are not protected by validation.\n\n### Patches \nWe have patched the issue in GitHub commit [ba6822bd7b7324ba201a28b2f278c29a98edbef2](https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2) followed by GitHub commit [f6fde895ef9c77d848061c0517f19d0ec2682f3a](https://github.com/tensorflow/tensorflow/commit/f6fde895ef9c77d848061c0517f19d0ec2682f3a).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
"id": "GHSA-gv26-jpj9-c8gq",
"modified": "2024-11-13T16:11:18Z",
"published": "2022-03-18T17:52:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gv26-jpj9-c8gq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29607"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f6fde895ef9c77d848061c0517f19d0ec2682f3a"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-535.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-733.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-244.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Incomplete validation in `SparseSparseMinimum`"
}
GHSA-GV42-43RH-4GXV
Vulnerability from github – Published: 2026-01-07 18:30 – Updated: 2026-01-07 18:30Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.
{
"affected": [],
"aliases": [
"CVE-2025-4675"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T17:15:59Z",
"severity": "HIGH"
},
"details": "Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.",
"id": "GHSA-gv42-43rh-4gxv",
"modified": "2026-01-07T18:30:25Z",
"published": "2026-01-07T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4675"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GV4F-M3JW-J3H9
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).
On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:
- 24.4 releases before 24.4R2,
- 25.2 releases before 25.2R1-S1, 25.2R2.
This issue does not affect Junos OS releases before 24.4R1.
{
"affected": [],
"aliases": [
"CVE-2026-33781"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-09T22:16:27Z",
"severity": "HIGH"
},
"details": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).\n\nOn EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:\n\n\n\n * 24.4 releases before 24.4R2,\n * 25.2 releases before 25.2R1-S1, 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4R1.",
"id": "GHSA-gv4f-m3jw-j3h9",
"modified": "2026-04-10T00:30:29Z",
"published": "2026-04-10T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33781"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA107869"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Check the results of all functions that return a value and verify that the value is expected.
Mitigation
If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
- Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.
Mitigation
Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.
No CAPEC attack patterns related to this CWE.