CWE-754 590 個 CVE MITRE 定義 ↗

CWE-754:Improper Check for Unusual or Exceptional Conditions

概覽

CWE-754(Improper Check for Unusual or Exceptional Conditions)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

背景詳情

來自 CWE 目錄的擴展上下文(由 MITRE XHTML 渲染)。

Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-55577 2026-07-01 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could res…
CVE-2026-54269 2026-06-22 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufj…
CVE-2026-47216 2026-06-12 Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted reques…
CVE-2026-0269 2026-06-10 A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet.…
CVE-2026-46541 2026-06-09 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initial…
CVE-2026-45678 2026-06-02 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid…
CVE-2026-49325 2026-05-29 Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module…
CVE-2026-49318 2026-05-29 Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. Th…
CVE-2026-49317 2026-05-29 Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. Th…
CVE-2026-49316 2026-05-29 Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by…
CVE-2026-5343 2026-05-28 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before…
CVE-2026-39929 2026-05-28 Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to…
CVE-2026-44324 2026-05-27 free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions hand…
CVE-2026-44322 2026-05-27 free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a ni…
CVE-2026-44317 2026-05-27 free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose asc…
CVE-2026-44316 2026-05-27 free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer…
CVE-2025-13392 2026-05-27 Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attac…
CVE-2026-4915 2026-05-25 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an a…
CVE-2026-40094 2026-05-20 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and st…
CVE-2026-5946 2026-05-20 Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes …

曾用名

  • Improper Check for Exceptional Conditions (2010-02-16)

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2009-03-03
版本
1.3
評論
New entry for reorganization of CWE-703.

內容修訂

日期 名稱 版本 重要性 評論
2009-07-27 CWE Content Team 1.5 updated Relationships
2009-12-28 CWE Content Team 1.7 updated Applicable_Platforms, Likelihood_of_Exploit, Time_of_Introduction
2010-02-16 CWE Content Team 1.8 updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships
2010-04-05 CWE Content Team 1.8.1 updated Demonstrative_Examples, Related_Attack_Patterns
2010-06-21 CWE Content Team 1.9 updated Common_Consequences, Detection_Factors, Potential_Mitigations, References
2010-09-27 CWE Content Team 1.10 updated Potential_Mitigations
2010-12-13 CWE Content Team 1.11 updated Relationship_Notes
2011-03-29 CWE Content Team 1.12 updated Description, Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences, Related_Attack_Patterns, Relationships
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2013-02-21 CWE Content Team 2.4 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Demonstrative_Examples, Relationships
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Description, Relationships
2020-02-24 CWE Content Team 4.0 updated Potential_Mitigations, Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2020-12-10 CWE Content Team 4.3 updated Potential_Mitigations
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples, Relationships
2021-07-20 CWE Content Team 4.5 updated Relationships
2022-04-28 CWE Content Team 4.7 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description, Potential_Mitigations
2023-04-27 CWE Content Team 4.11 updated References, Relationships, Taxonomy_Mappings
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Observed_Examples
2024-07-16 CWE Content Team 4.15 updated Relationships
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities

貢獻

類型 名稱 日期 評論
Content "Mapping CWE to 62443" Sub-Working Group 2023-04-25 Suggested mappings to ISA/IEC 62443.
cvelogic Threat Intelligence