CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
685 vulnerabilities reference this CWE, most recent first.
GHSA-PH7H-74XQ-935C
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.
{
"affected": [],
"aliases": [
"CVE-2020-4302"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-12T14:15:00Z",
"severity": "HIGH"
},
"details": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.",
"id": "GHSA-ph7h-74xq-935c",
"modified": "2022-05-24T17:30:29Z",
"published": "2022-05-24T17:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4302"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176610"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6346922"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PRP9-Q697-6CF2
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-05-24 16:58SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.
{
"affected": [],
"aliases": [
"CVE-2019-0051"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-09T20:15:00Z",
"severity": "MODERATE"
},
"details": "SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.",
"id": "GHSA-prp9-q697-6cf2",
"modified": "2022-05-24T16:58:11Z",
"published": "2022-05-24T16:58:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0051"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA10973"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PV78-Q37W-R4JP
Vulnerability from github – Published: 2025-05-06 09:31 – Updated: 2025-05-06 09:31Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
{
"affected": [],
"aliases": [
"CVE-2024-49841"
],
"database_specific": {
"cwe_ids": [
"CWE-390",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T09:15:21Z",
"severity": "HIGH"
},
"details": "Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.",
"id": "GHSA-pv78-q37w-r4jp",
"modified": "2025-05-06T09:31:33Z",
"published": "2025-05-06T09:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49841"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVC4-6V97-6F49
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.
{
"affected": [],
"aliases": [
"CVE-2021-0240"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-22T20:15:00Z",
"severity": "HIGH"
},
"details": "On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.",
"id": "GHSA-pvc4-6v97-6f49",
"modified": "2022-05-24T17:48:12Z",
"published": "2022-05-24T17:48:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0240"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11168"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PVCH-4X5X-P3QC
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-10-21 19:01In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.
{
"affected": [],
"aliases": [
"CVE-2020-10604"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-25T00:15:00Z",
"severity": "HIGH"
},
"details": "In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.",
"id": "GHSA-pvch-4x5x-p3qc",
"modified": "2022-10-21T19:01:12Z",
"published": "2022-05-24T17:24:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10604"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVQ5-77H5-RGW5
Vulnerability from github – Published: 2022-12-25 00:30 – Updated: 2022-12-31 00:30Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.
{
"affected": [],
"aliases": [
"CVE-2022-47933"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-24T22:15:00Z",
"severity": "MODERATE"
},
"details": "Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.",
"id": "GHSA-pvq5-77h5-rgw5",
"modified": "2022-12-31T00:30:23Z",
"published": "2022-12-25T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47933"
},
{
"type": "WEB",
"url": "https://github.com/brave/brave-browser/issues/23646"
},
{
"type": "WEB",
"url": "https://github.com/brave/brave-browser/issues/24378"
},
{
"type": "WEB",
"url": "https://github.com/brave/brave-core/pull/13989"
},
{
"type": "WEB",
"url": "https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1610343"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWFR-8PQ7-X9QV
Vulnerability from github – Published: 2023-12-16 00:52 – Updated: 2023-12-16 00:52Impact
Versions v9.26.0, v10.9.x), v11.1.x, v12.0.x all contained the code that would throw the error.
Specifically, during a pentest we encountered a bug in the octokit/webhooks library (a dependency of Probot, a framework for building Github Apps). The resulting request was found to cause an uncaught exception that ends the nodejs process.
The problem is caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases.
Credit goes to @pb82 (for the early analysis) and @rh-tguittet (for discovery).
Patches
Maintenance releases for the Error being thrown by the verify method in octokit/webhooks.js * v12 - v12.0.4 * v11 - v11.1.2 * v10 -v10.9.2 * v9 - v9.26.3
Maintenance release for the reference for octokit/webhooks.js in app.js * v14.0.2
Maintenance release for the reference for octokit/webhooks.js in octokit.js * v3.1.2
Maintenance release for the reference for octokit/webhooks.js in Protobot * v12.3.3
Workarounds
It is recommend that all users upgrade to the latest version of octokit/webhooks.js or use one of the updated back ported versions.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@octokit/webhooks"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.26.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@octokit/webhooks"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.9.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@octokit/webhooks"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@octokit/webhooks"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@octokit/app"
},
"ranges": [
{
"events": [
{
"introduced": "14.0.1"
},
{
"fixed": "14.0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.0.1"
]
},
{
"package": {
"ecosystem": "npm",
"name": "octokit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "probot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-50728"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-16T00:52:19Z",
"nvd_published_at": "2023-12-15T22:15:07Z",
"severity": "HIGH"
},
"details": "### Impact\nVersions [v9.26.0](https://github.com/octokit/webhooks.js/releases/tag/v9.26.0), [v10.9.x](https://github.com/octokit/webhooks.js/releases/tag/v10.9.1)), [v11.1.x](https://github.com/octokit/webhooks.js/releases/tag/v11.1.1), [v12.0.x](https://github.com/octokit/webhooks.js/releases/tag/v12.0.3) all contained the code that would throw the error.\n\nSpecifically, during a pentest we encountered a bug in the octokit/webhooks library (a dependency of Probot, a framework for building Github Apps). The resulting request was found to cause an uncaught exception that ends the nodejs process.\n\nThe problem is caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases.\n\nCredit goes to @pb82 (for the early analysis) and @rh-tguittet (for discovery). \n\n### Patches\n\nMaintenance releases for the Error being thrown by the verify method in [octokit/webhooks.js](https://github.com/octokit/webhooks.js)\n* v12 - [v12.0.4](https://github.com/octokit/webhooks.js/releases/tag/v12.0.4)\n* v11 - [v11.1.2](https://github.com/octokit/webhooks.js/releases/tag/v11.1.2)\n* v10 -[v10.9.2](https://github.com/octokit/webhooks.js/releases/tag/v10.9.2)\n* v9 - [v9.26.3](https://github.com/octokit/webhooks.js/releases/tag/v9.26.3)\n\nMaintenance release for the reference for [octokit/webhooks.js](https://github.com/octokit/webhooks.js) in [app.js](https://github.com/octokit/app.js)\n* [v14.0.2](https://github.com/octokit/app.js/releases/tag/v14.0.2)\n\nMaintenance release for the reference for [octokit/webhooks.js](https://github.com/octokit/webhooks.js) in [octokit.js](https://github.com/octokit/octokit.js)\n* [v3.1.2](https://github.com/octokit/octokit.js/releases/tag/v3.1.2)\n\nMaintenance release for the reference for [octokit/webhooks.js](https://github.com/octokit/webhooks.js) in [Protobot](https://github.com/probot/probot)\n* [v12.3.3](https://github.com/probot/probot/releases/tag/v12.3.3)\n\n\n### Workarounds\nIt is recommend that all users upgrade to the latest version of [octokit/webhooks.js](https://github.com/octokit/webhooks.js) or use one of the updated back ported versions.\n\n",
"id": "GHSA-pwfr-8pq7-x9qv",
"modified": "2023-12-16T00:52:19Z",
"published": "2023-12-16T00:52:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50728"
},
{
"type": "WEB",
"url": "https://github.com/octokit/app.js/releases/tag/v14.0.2"
},
{
"type": "WEB",
"url": "https://github.com/octokit/octokit.js/releases/tag/v3.1.2"
},
{
"type": "PACKAGE",
"url": "https://github.com/octokit/webhooks.js"
},
{
"type": "WEB",
"url": "https://github.com/octokit/webhooks.js/releases/tag/v10.9.2"
},
{
"type": "WEB",
"url": "https://github.com/octokit/webhooks.js/releases/tag/v11.1.2"
},
{
"type": "WEB",
"url": "https://github.com/octokit/webhooks.js/releases/tag/v12.0.4"
},
{
"type": "WEB",
"url": "https://github.com/octokit/webhooks.js/releases/tag/v9.26.3"
},
{
"type": "WEB",
"url": "https://github.com/probot/probot/releases/tag/v12.3.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unauthenticated Denial of Service in the octokit/webhooks library"
}
GHSA-PWFW-MGFJ-7G3G
Vulnerability from github – Published: 2019-10-08 16:30 – Updated: 2024-09-20 16:47possible DoS in signature verification and signature malleability
Impact
Code using VerifyingKey.verify() and VerifyingKey.verify_digest() may receive exceptions other than the documented BadSignatureError when signatures are malformed. If those other exceptions are not caught, they may lead to program termination and thus Denial of Service
Code using VerifyingKey.verify() and VerifyingKey.verify_digest() with sigdecode option using ecdsa.util.sigdecode_der will accept signatures even if they are not properly formatted DER. This makes the signatures malleable. It impacts only applications that later sign the signatures or verify signatures of signatures, e.g. Bitcoin.
All versions between 0.5 and 0.13.2 (inclusive) are thought to be vulnerable. Code before 0.5 may be vulnerable but didn't receive extended analysis to rule this issue out.
Patches
The patches have been merged to master branch in https://github.com/warner/python-ecdsa/pull/115.
The backported patches for a release in the 0.13 branch are in https://github.com/warner/python-ecdsa/pull/124
They are part of the 0.13.3 release.
There are no plans to backport them to earlier releases.
Workarounds
It may be possible to prevent the Denial of Service by catching also UnexpectedDER, IndexError and AssertionError exceptions. That list hasn't been verified to be complete though. If those exceptions are raised, the signature verification process should consider the signature to be invalid.
To remediate signature malleability and the Denial of Service vulnerability, it may be possible to first verify that the signature is properly DER formatted ECDSA-Sig-Value, as defined in RFC3279, before passing it to verify() or verify_digest() methods. If the signature is determined to not follow the DER or encode a different structure, the signature verification process should consider the signature to be invalid.
References
https://en.bitcoinwiki.org/wiki/Transaction_Malleability
For more information
If you have any questions or comments about this advisory please open an issue in python-ecdsa project.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ecdsa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.13.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-14853"
],
"database_specific": {
"cwe_ids": [
"CWE-391",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:41:53Z",
"nvd_published_at": "2019-11-26T13:15:00Z",
"severity": "HIGH"
},
"details": "## possible DoS in signature verification and signature malleability \n\n### Impact\nCode using `VerifyingKey.verify()` and `VerifyingKey.verify_digest()` may receive exceptions other than the documented `BadSignatureError` when signatures are malformed. If those other exceptions are not caught, they may lead to program termination and thus Denial of Service\n\nCode using `VerifyingKey.verify()` and `VerifyingKey.verify_digest()` with `sigdecode` option using `ecdsa.util.sigdecode_der` will accept signatures even if they are not properly formatted DER. This makes the signatures malleable. It impacts only applications that later sign the signatures or verify signatures of signatures, e.g. Bitcoin.\n\nAll versions between 0.5 and 0.13.2 (inclusive) are thought to be vulnerable. Code before 0.5 may be vulnerable but didn\u0027t receive extended analysis to rule this issue out.\n\n### Patches\nThe patches have been merged to `master` branch in https://github.com/warner/python-ecdsa/pull/115.\nThe backported patches for a release in the 0.13 branch are in https://github.com/warner/python-ecdsa/pull/124\n\nThey are part of the 0.13.3 release.\n\nThere are no plans to backport them to earlier releases.\n\n### Workarounds\nIt may be possible to prevent the Denial of Service by catching also `UnexpectedDER`, `IndexError` and `AssertionError` exceptions. That list hasn\u0027t been verified to be complete though. If those exceptions are raised, the signature verification process should consider the signature to be invalid.\n\nTo remediate signature malleability and the Denial of Service vulnerability, it may be possible to first verify that the signature is properly DER formatted ECDSA-Sig-Value, as defined in [RFC3279](https://tools.ietf.org/html/rfc3279), before passing it to `verify()` or `verify_digest()` methods. If the signature is determined to not follow the DER or encode a different structure, the signature verification process should consider the signature to be invalid.\n\n### References\nhttps://en.bitcoinwiki.org/wiki/Transaction_Malleability\n\n### For more information\nIf you have any questions or comments about this advisory please open an issue in [python-ecdsa](https://github.com/warner/python-ecdsa/issues) project.\n",
"id": "GHSA-pwfw-mgfj-7g3g",
"modified": "2024-09-20T16:47:14Z",
"published": "2019-10-08T16:30:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/warner/python-ecdsa/security/advisories/GHSA-pwfw-mgfj-7g3g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14853"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ecdsa/PYSEC-2019-177.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/warner/python-ecdsa"
},
{
"type": "WEB",
"url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/33"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4588"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "ecdsa Denial of Service vulnerability in signature verification and signature malleability"
}
GHSA-PWW6-PFX4-8P5C
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-27042"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-25T13:15:00Z",
"severity": "HIGH"
},
"details": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.",
"id": "GHSA-pww6-pfx4-8p5c",
"modified": "2022-05-24T19:06:19Z",
"published": "2022-05-24T19:06:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27042"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-446"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX2P-9R77-W9CQ
Vulnerability from github – Published: 2024-11-22 12:39 – Updated: 2024-11-22 12:39A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.
{
"affected": [],
"aliases": [
"CVE-2024-51766"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T12:15:19Z",
"severity": "MODERATE"
},
"details": "A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.",
"id": "GHSA-px2p-9r77-w9cq",
"modified": "2024-11-22T12:39:09Z",
"published": "2024-11-22T12:39:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51766"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.