Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

686 vulnerabilities reference this CWE, most recent first.

GHSA-7369-45QW-88C2

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29
VLAI
Details

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-27T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.",
  "id": "GHSA-7369-45qw-88c2",
  "modified": "2022-05-24T17:29:43Z",
  "published": "2022-05-24T17:29:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25869"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"
    },
    {
      "type": "WEB",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T260485"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-74RW-PW87-V75G

Vulnerability from github – Published: 2022-09-07 00:01 – Updated: 2024-03-21 03:34
VLAI
Details

** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-06T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-74rw-pw87-v75g",
  "modified": "2024-03-21T03:34:18Z",
  "published": "2022-09-07T00:01:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32264"
    },
    {
      "type": "WEB",
      "url": "https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN20930118"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-758V-5G69-M4M5

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00
VLAI
Details

Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-0144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-14T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.",
  "id": "GHSA-758v-5g69-m4m5",
  "modified": "2022-05-24T17:00:54Z",
  "published": "2022-05-24T17:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0144"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-77MV-HM7R-PR35

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-14T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.",
  "id": "GHSA-77mv-hm7r-pr35",
  "modified": "2022-05-13T01:44:19Z",
  "published": "2022-05-13T01:44:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17172"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77QM-WVQQ-FG79

Vulnerability from github – Published: 2022-08-30 20:18 – Updated: 2022-08-30 20:18
VLAI
Summary
Directus vulnerable to unhandled exception on illegal filename_disk value
Details

The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint.

The vulnerability is patched and released in v9.15.0.

You can prevent this problem by making sure no (untrusted) non-admin users have permissions to update the filename_disk field on directus_files.

For more information

If you have any questions or comments about this advisory: * Open a Discussion in directus/directus * Email us at security@directus.io

Credits

This vulnerability was first discovered and reported by Witold Gorecki.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "directus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-36031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-30T20:18:48Z",
    "nvd_published_at": "2022-08-19T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. \n\nThe vulnerability is patched and released in v9.15.0.\n\nYou can prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open a Discussion in [directus/directus](https://github.com/directus/directus/discussions)\n* Email us at [security@directus.io](mailto:security@directus.io)\n\n### Credits\n\nThis vulnerability was first discovered and reported by Witold Gorecki.",
  "id": "GHSA-77qm-wvqq-fg79",
  "modified": "2022-08-30T20:18:48Z",
  "published": "2022-08-30T20:18:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36031"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/directus/directus"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Directus vulnerable to unhandled exception on illegal filename_disk value"
}

GHSA-798M-XWF9-PJW6

Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-06-03 18:53
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: Fix possible access to freed memory in link clear

After modifying the QP to the Error state, all RX WR would be completed with WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not wait for it is done, but destroy the QP and free the link group directly. So there is a risk that accessing the freed memory in tasklet context.

Here is a crash example:

BUG: unable to handle page fault for address: ffffffff8f220860 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060 Oops: 0002 [#1] SMP PTI CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S OE 5.10.0-0607+ #23 Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018 RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0 Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32 RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086 RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000 RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00 RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010 R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040 FS: 0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: _raw_spin_lock_irqsave+0x30/0x40 mlx5_ib_poll_cq+0x4c/0xc50 [mlx5_ib] smc_wr_rx_tasklet_fn+0x56/0xa0 [smc] tasklet_action_common.isra.21+0x66/0x100 __do_softirq+0xd5/0x29c asm_call_irq_on_stack+0x12/0x20 do_softirq_own_stack+0x37/0x40 irq_exit_rcu+0x9d/0xa0 sysvec_call_function_single+0x34/0x80 asm_sysvec_call_function_single+0x12/0x20

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T15:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible access to freed memory in link clear\n\nAfter modifying the QP to the Error state, all RX WR would be completed\nwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not\nwait for it is done, but destroy the QP and free the link group directly.\nSo there is a risk that accessing the freed memory in tasklet context.\n\nHere is a crash example:\n\n BUG: unable to handle page fault for address: ffffffff8f220860\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S         OE     5.10.0-0607+ #23\n Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018\n RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0\n Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e \u003c48\u003e 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32\n RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086\n RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000\n RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00\n RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b\n R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010\n R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040\n FS:  0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cIRQ\u003e\n  _raw_spin_lock_irqsave+0x30/0x40\n  mlx5_ib_poll_cq+0x4c/0xc50 [mlx5_ib]\n  smc_wr_rx_tasklet_fn+0x56/0xa0 [smc]\n  tasklet_action_common.isra.21+0x66/0x100\n  __do_softirq+0xd5/0x29c\n  asm_call_irq_on_stack+0x12/0x20\n  \u003c/IRQ\u003e\n  do_softirq_own_stack+0x37/0x40\n  irq_exit_rcu+0x9d/0xa0\n  sysvec_call_function_single+0x34/0x80\n  asm_sysvec_call_function_single+0x12/0x20",
  "id": "GHSA-798m-xwf9-pjw6",
  "modified": "2024-06-03T18:53:45Z",
  "published": "2024-05-03T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48673"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89fcb70f1acd6b0bbf2f7bfbf45d7aa75a9bdcde"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-79V4-XHFM-CR97

Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-17 18:31
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).

When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts.

Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices.

This issue affects:

Juniper Networks Junos OS: 

  • All versions before 21.4R3-S8, 
  • from 22.2 before 22.2R3-S4, 
  • from 22.4 before 22.4R3-S3, 
  • from 23.2 before 23.2R2-S1, 
  • from 23.4 before 23.4R1-S2, 23.4R2.

Juniper Networks Junos OS Evolved: 

  • All versions before 21.4R3-S8-EVO,
  • from 22.2 before 22.2R3-S4-EVO,
  • from 22.4 before 22.4R3-S3-EVO,
  • from 23.2 before 23.2R2-S1-EVO,
  • from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47491"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).\n\nWhen a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. \n\nContinuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects:\n\n\u2003Juniper Networks Junos OS:\u00a0\n\n\n\n  *  All versions before 21.4R3-S8,\u00a0\n  *  from 22.2 before 22.2R3-S4,\u00a0\n  *  from 22.4 before 22.4R3-S3,\u00a0\n  *  from 23.2 before 23.2R2-S1,\u00a0\n  *  from 23.4 before 23.4R1-S2, 23.4R2.\n\n\n\u2003Juniper Networks Junos OS Evolved:\u00a0\n\n  *  All versions before 21.4R3-S8-EVO, \n  *  from 22.2 before 22.2R3-S4-EVO, \n  *  from 22.4 before 22.4R3-S3-EVO,\n  *  from 23.2 before 23.2R2-S1-EVO, \n  *  from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.",
  "id": "GHSA-79v4-xhfm-cr97",
  "modified": "2024-10-17T18:31:34Z",
  "published": "2024-10-11T18:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47491"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7C3F-H49G-4MG6

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33
VLAI
Details

A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-06T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability.",
  "id": "GHSA-7c3f-h49g-4mg6",
  "modified": "2022-05-24T17:33:19Z",
  "published": "2022-05-24T17:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27121"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7C4J-2M43-2MGH

Vulnerability from github – Published: 2026-04-22 19:19 – Updated: 2026-04-27 16:22
VLAI
Summary
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
Details

Impact

An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key.

Hashing an election macro header hashes validators and reaches Validators::voting_keys(), which calls validator.voting_key.uncompress().unwrap() and panics on invalid bytes.

Patches

The patch for this vulnerability is included as part of v1.3.0.

Workarounds

No known workarounds.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "nimiq-primitives"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T19:19:28Z",
    "nvd_published_at": "2026-04-22T20:16:41Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAn untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key.\n\nHashing an election macro header hashes `validators` and reaches `Validators::voting_keys()`, which calls `validator.voting_key.uncompress().unwrap()` and panics on invalid bytes.\n\n### Patches\n[The patch for this vulnerability](https://github.com/nimiq/core-rs-albatross/commit/e10eaebcd7774e5da6d0ff5e88ed13503474f0ff) is included as part of [v1.3.0](https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0).\n\n### Workarounds\nNo known workarounds.",
  "id": "GHSA-7c4j-2m43-2mgh",
  "modified": "2026-04-27T16:22:32Z",
  "published": "2026-04-22T19:19:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7c4j-2m43-2mgh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/pull/3662"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/commit/e10eaebcd7774e5da6d0ff5e88ed13503474f0ff"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nimiq/core-rs-albatross"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals"
}

GHSA-7FF5-P6PM-JW35

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2025-11-25 18:32
VLAI
Details

A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-23T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
  "id": "GHSA-7ff5-p6pm-jw35",
  "modified": "2025-11-25T18:32:16Z",
  "published": "2022-05-24T16:50:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11694"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1534196"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-14"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.