CVEbaza.plSłownik CWECWE-544
Common Weakness Enumeration

CWE-544

Missing Standardized Error Handling Mechanism

Kategoria: BaseCVE: 7
Opis

Produkt nie stosuje ustandaryzowanej metody obsługi błędów w całym kodzie, co może prowadzić do niespójnej obsługi błędów i wynikających z tego luk bezpieczeństwa. Brak jednolitego podejścia do obsługi wyjątków i błędów zwiększa ryzyko powstania podatności.

Description (EN)

The product does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.

Podatności CVE z CWE-544 (7)
6.5
CVSS
MEDIUM
CVE-2024-41768

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.

pub. 2025-01-04
6.5
CVSS
MEDIUM
CVE-2024-47971

Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service.

pub. 2024-10-07
5.9
CVSS
MEDIUM
CVE-2023-29105

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

pub. 2023-05-09
5.8
CVSS
MEDIUM
CVE-2020-5359

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.

pub. 2020-12-16
5.3
CVSS
MEDIUM
CVE-2025-11750

In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system responds with a message such as "account not found." Conversely, when the username or email exists but the password is incorrect, a different error message is returned. This discrepancy allows an attacker to enumerate valid user accounts by analyzing the error responses, potentially facilitating targeted social engineering, brute force, or credential stuffing attacks.

pub. 2025-10-22
5.3
CVSS
MEDIUM
CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_*_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any. All written above lead to cleaning up uninitialized fields. Even if we hide ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1] To fix these bugs we can unwind batadv_*_init() calls one by one. It is good approach for 2 reasons: 1) It fixes bugs on error handling path 2) It improves the performance, since we won't call unneeded batadv_*_free() functions. So, this patch makes all batadv_*_init() clean up all allocated memory before returning with an error to no call correspoing batadv_*_free() and open-codes batadv_mesh_free() with proper order to avoid touching uninitialized fields.

pub. 2024-05-22
4.3
CVSS
MEDIUM
CVE-2023-6599

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

pub. 2023-12-08
Informacje
ID: CWE-544
Typ: Base
Podatności: 7
MITRE CWE ↗
← Słownik CWE
CWE-544 — Brak ustandaryzowanego mechanizmu obsługi błędów | Słownik CWE | CVEbaza.pl