CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
686 vulnerabilities reference this CWE, most recent first.
GHSA-2VP3-CRWQ-3FG5
Vulnerability from github – Published: 2025-07-16 09:31 – Updated: 2025-11-05 00:31Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up and recover the changes to the arithmetic flags.
For replayed instructions where the flags recovery logic is used, the metadata for exception handling was incorrect, preventing Xen from handling the the exception gracefully, treating it as fatal instead.
{
"affected": [],
"aliases": [
"CVE-2025-27465"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-16T09:15:23Z",
"severity": "MODERATE"
},
"details": "Certain instructions need intercepting and emulating by Xen. In some\ncases Xen emulates the instruction by replaying it, using an executable\nstub. Some instructions may raise an exception, which is supposed to be\nhandled gracefully. Certain replayed instructions have additional logic\nto set up and recover the changes to the arithmetic flags.\n\nFor replayed instructions where the flags recovery logic is used, the\nmetadata for exception handling was incorrect, preventing Xen from\nhandling the the exception gracefully, treating it as fatal instead.",
"id": "GHSA-2vp3-crwq-3fg5",
"modified": "2025-11-05T00:31:21Z",
"published": "2025-07-16T09:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27465"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-470.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/01/1"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-470.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2X7M-PRQF-X77X
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.
{
"affected": [],
"aliases": [
"CVE-2018-0316"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-07T12:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.",
"id": "GHSA-2x7m-prqf-x77x",
"modified": "2022-05-13T01:35:25Z",
"published": "2022-05-13T01:35:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0316"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041073"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-32G3-35G9-WC9G
Vulnerability from github – Published: 2026-06-10 13:38 – Updated: 2026-06-10 13:38Affected: @hulumi/drift < 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 (Improper Handling of Exceptional Conditions)
Summary
@hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted (Pulumi-state diff, provider-version change, CloudTrail event, etc.). A classifier combines the adapters' answers into a verdict like None / none, ConsoleBreakGlass / high, or Mixed / high, and caches the verdict for 6 hours by default.
Two related bugs from one root cause — the classifier only read each adapter's detected: true/false field and ignored whether the adapter itself succeeded:
- Cached "all clear" on adapter failure. When an adapter failed (e.g. transient network error from the Automation API), the classifier read
detected: false, concluded "no drift", and cached the verdict asNone / nonefor 6 hours. A single transient failure could mask real console-break-glass mutations for the rest of the window. - Mixed verdicts without real evidence. The
Mixed / highandConsoleBreakGlass / highverdicts (incident severity) could fire on the "the CloudTrail probe round-tripped successfully" signal rather than actual evidence that anything had been changed via the console. Normal provider-API churn could end up falsely escalated to incident severity.
Impact
Consumers running drift detection in CI / cron could see transient adapter failures silently cached as "all clear" — masking real attacks for up to six hours — or see ordinary provider-version churn falsely promoted to incident severity. Either way, the verdict source was unreliable for downstream incident workflows that gate on it.
Patches
Upgrade to @hulumi/drift@1.4.0. Classifier-only fix (the TLA+-verified 6-row verdict matrix is byte-identical):
- adapter failures now fail closed to
Unknown / low, and degraded verdicts are not written to the cache; - the
Mixed/ConsoleBreakGlasspromotion now requires real CloudTrail event evidence rather than probe liveness.
Workarounds
Setting options.minConfidence: "medium" on the classifier call prevents the degraded None / none from being cached (it doesn't meet the threshold), partially mitigating case (1). No workaround for case (2).
Resources
- PR #178 (Cluster D); regression tests in
packages/drift/tests/classifier-fail-closed.test.ts.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@hulumi/drift"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48036"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-10T13:38:50Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "**Affected:** `@hulumi/drift` `\u003c 1.4.0` \u2014 **Fixed in:** `1.4.0` \u2014 **Severity:** Medium \u2014 **CWE-755 (Improper Handling of Exceptional Conditions)**\n\n#### Summary\n\n`@hulumi/drift` runs four adapters that each ask a different question about whether a resource has drifted (Pulumi-state diff, provider-version change, CloudTrail event, etc.). A classifier combines the adapters\u0027 answers into a verdict like `None / none`, `ConsoleBreakGlass / high`, or `Mixed / high`, and caches the verdict for 6 hours by default.\n\nTwo related bugs from one root cause \u2014 the classifier only read each adapter\u0027s `detected: true/false` field and ignored whether the adapter itself succeeded:\n\n1. **Cached \"all clear\" on adapter failure.** When an adapter failed (e.g. transient network error from the Automation API), the classifier read `detected: false`, concluded \"no drift\", and cached the verdict as `None / none` for 6 hours. A single transient failure could mask real console-break-glass mutations for the rest of the window.\n2. **Mixed verdicts without real evidence.** The `Mixed / high` and `ConsoleBreakGlass / high` verdicts (incident severity) could fire on the \"the CloudTrail probe round-tripped successfully\" signal rather than actual evidence that anything had been changed via the console. Normal provider-API churn could end up falsely escalated to incident severity.\n\n#### Impact\n\nConsumers running drift detection in CI / cron could see transient adapter failures silently cached as \"all clear\" \u2014 masking real attacks for up to six hours \u2014 or see ordinary provider-version churn falsely promoted to incident severity. Either way, the verdict source was unreliable for downstream incident workflows that gate on it.\n\n#### Patches\n\nUpgrade to `@hulumi/drift@1.4.0`. Classifier-only fix (the TLA+-verified 6-row verdict matrix is byte-identical):\n\n- adapter failures now fail closed to `Unknown / low`, and degraded verdicts are not written to the cache;\n- the `Mixed` / `ConsoleBreakGlass` promotion now requires real CloudTrail event evidence rather than probe liveness.\n\n#### Workarounds\n\nSetting `options.minConfidence: \"medium\"` on the classifier call prevents the degraded `None / none` from being cached (it doesn\u0027t meet the threshold), partially mitigating case (1). No workaround for case (2).\n\n#### Resources\n\n- [PR #178](https://github.com/kerberosmansour/hulumi/pull/178) (Cluster D); regression tests in `packages/drift/tests/classifier-fail-closed.test.ts`.",
"id": "GHSA-32g3-35g9-wc9g",
"modified": "2026-06-10T13:38:50Z",
"published": "2026-06-10T13:38:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kerberosmansour/hulumi/security/advisories/GHSA-32g3-35g9-wc9g"
},
{
"type": "WEB",
"url": "https://github.com/kerberosmansour/hulumi/pull/178"
},
{
"type": "PACKAGE",
"url": "https://github.com/kerberosmansour/hulumi"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
"type": "CVSS_V4"
}
],
"summary": "@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts"
}
GHSA-32GP-2G42-V9VC
Vulnerability from github – Published: 2026-06-03 03:30 – Updated: 2026-06-03 18:33Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws.
To skip a leading 3-byte UTF-8 BOM, decode_json() advances the input scalar's string pointer past the mark with SvPV_set() and restores it only on the normal return path. When decoding aborts through a Perl exception, for example a filter_json_object callback that croaks, the restore is skipped and the scalar is left with its string pointer offset into its own buffer and a shortened length.
When that scalar is later freed, the allocator receives an invalid pointer and the interpreter aborts. A single BOM prefixed document decoded with a throwing filter callback crashes any caller.
{
"affected": [],
"aliases": [
"CVE-2026-9516"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-03T01:16:23Z",
"severity": "HIGH"
},
"details": "Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws.\n\nTo skip a leading 3-byte UTF-8 BOM, decode_json() advances the input scalar\u0027s string pointer past the mark with SvPV_set() and restores it only on the normal return path. When decoding aborts through a Perl exception, for example a filter_json_object callback that croaks, the restore is skipped and the scalar is left with its string pointer offset into its own buffer and a shortened length.\n\nWhen that scalar is later freed, the allocator receives an invalid pointer and the interpreter aborts. A single BOM prefixed document decoded with a throwing filter callback crashes any caller.",
"id": "GHSA-32gp-2g42-v9vc",
"modified": "2026-06-03T18:33:09Z",
"published": "2026-06-03T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9516"
},
{
"type": "WEB",
"url": "https://github.com/rurban/Cpanel-JSON-XS/commit/dfe1b41a36caba51dc12a2917fe50285d1ffaa7b.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.41/changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/03/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-32RC-PV7X-94GG
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.
{
"affected": [],
"aliases": [
"CVE-2017-9657"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-30T15:29:00Z",
"severity": "MODERATE"
},
"details": "Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.",
"id": "GHSA-32rc-pv7x-94gg",
"modified": "2022-05-13T01:36:04Z",
"published": "2022-05-13T01:36:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9657"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01"
},
{
"type": "WEB",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100813"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-33H3-QHJG-4QMF
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:30In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u #$((0xffffffff))" command.
{
"affected": [],
"aliases": [
"CVE-2019-14287"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T18:15:00Z",
"severity": "HIGH"
},
"details": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.",
"id": "GHSA-33h3-qhjg-4qmf",
"modified": "2024-04-04T02:30:46Z",
"published": "2022-05-24T16:59:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:3248"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2"
},
{
"type": "WEB",
"url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Oct/20"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Oct/21"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-12"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191017-0003"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4154-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4543"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2019/10/15/2"
},
{
"type": "WEB",
"url": "https://www.sudo.ws/alerts/minus_1_uid.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3204"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3205"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3209"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3219"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3278"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3694"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3754"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3755"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3895"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3916"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3941"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4191"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0388"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/14/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-34W2-P277-PP7P
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access.
{
"affected": [],
"aliases": [
"CVE-2021-3053"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T17:15:00Z",
"severity": "HIGH"
},
"details": "An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access.",
"id": "GHSA-34w2-p277-pp7p",
"modified": "2022-05-24T19:13:20Z",
"published": "2022-05-24T19:13:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3053"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2021-3053"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-37F4-V37X-33QJ
Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-11 18:32An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS).
If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process.
While not explicitly required, the impact is more severe when RIB sharding is enabled.
Task accounting shows unexpected reads by the RPD Server jobs for shards:
user@junos> show task accounting detail ... read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888\
This issue affects:
Junos OS with cRPD:
- All versions before 21.2R3-S8,
- 21.4 before 21.4R3-S7,
- 22.1 before 22.1R3-S6,
- 22.2 before 22.2R3-S4,
- 22.3 before 22.3R3-S3,
- 22.4 before 22.4R3-S2,
- 23.2 before 23.2R2-S2,
- 24.2 before 24.2R2;
Junos OS Evolved with cRPD:
- All versions before 21.4R3-S7-EVO,
- 22.2 before 22.2R3-S4-EVO,
- 22.3 before 22.3R3-S3-EVO,
- 22.4 before 22.4R3-S2-EVO,
- 23.2 before 23.2R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39547"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T16:15:07Z",
"severity": "HIGH"
},
"details": "An\u00a0Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS).\n\nIf specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process.\n\nWhile not explicitly required, the impact is more severe when RIB sharding is enabled.\n\nTask accounting shows unexpected reads by the RPD Server jobs for shards:\n\nuser@junos\u003e show task accounting detail\n...\nread:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888\\\nread:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888\\\nread:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888\\\nread:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888\\\n\n\n\nThis issue affects:\n\nJunos OS with cRPD:\u00a0\n\n * All versions before 21.2R3-S8,\u00a0\n * 21.4 before 21.4R3-S7,\u00a0\n * 22.1 before 22.1R3-S6,\u00a0\n * 22.2 before 22.2R3-S4,\u00a0\n * 22.3 before 22.3R3-S3,\u00a0\n * 22.4 before 22.4R3-S2,\u00a0\n * 23.2 before 23.2R2-S2,\u00a0\n * 24.2 before 24.2R2;\u00a0\n\n\nJunos OS Evolved with cRPD:\u00a0\n\n * All versions before 21.4R3-S7-EVO,\u00a0\n * 22.2 before 22.2R3-S4-EVO,\u00a0\n * 22.3 before 22.3R3-S3-EVO,\u00a0\n * 22.4 before 22.4R3-S2-EVO,\u00a0\n * 23.2 before 23.2R2-EVO.",
"id": "GHSA-37f4-v37x-33qj",
"modified": "2024-10-11T18:32:49Z",
"published": "2024-10-11T18:32:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39547"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA88108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-38HG-Q2GF-CGVF
Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
{
"affected": [],
"aliases": [
"CVE-2023-1695"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T13:15:10Z",
"severity": "HIGH"
},
"details": "Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.",
"id": "GHSA-38hg-q2gf-cgvf",
"modified": "2024-04-04T05:26:20Z",
"published": "2023-07-06T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1695"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/7"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-38MP-P2G2-47GF
Vulnerability from github – Published: 2022-01-15 00:01 – Updated: 2022-01-21 00:00In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659
{
"affected": [],
"aliases": [
"CVE-2021-39659"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-14T20:15:00Z",
"severity": "MODERATE"
},
"details": "In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659",
"id": "GHSA-38mp-p2g2-47gf",
"modified": "2022-01-21T00:00:56Z",
"published": "2022-01-15T00:01:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39659"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-01-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.