Vulnerabilities > Improper Handling of Exceptional Conditions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-29 | CVE-2019-6843 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol. | 4.0 |
| 2019-10-29 | CVE-2019-6842 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. | 4.0 |
| 2019-10-29 | CVE-2019-6841 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. | 4.0 |
| 2019-10-17 | CVE-2019-14287 | Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
| 2019-10-15 | CVE-2019-17195 | Improper Handling of Exceptional Conditions vulnerability in multiple products Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | 9.8 |
| 2019-10-10 | CVE-2019-1376 | Improper Handling of Exceptional Conditions vulnerability in Microsoft SQL Server Management Studio 18.3.1 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. | 4.0 |
| 2019-10-10 | CVE-2019-1342 | Improper Handling of Exceptional Conditions vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.2 |
| 2019-10-10 | CVE-2019-1313 | Improper Handling of Exceptional Conditions vulnerability in Microsoft SQL Server Management Studio 18.3/18.3.1 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. | 4.0 |
| 2019-10-09 | CVE-2019-0060 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos 15.1X49/18.2/18.4 The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. | 5.0 |
| 2019-10-09 | CVE-2019-0051 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. | 5.0 |