Search
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34194 | 1 Tinyxml Project | 1 Tinyxml | 2024-01-12 | N/A | 7.5 HIGH |
| StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace. | |||||
| CVE-2023-49286 | 1 Squid-cache | 1 Squid | 2024-01-09 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-40462 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-31 | N/A | 7.5 HIGH |
| The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | |||||
| CVE-2021-38291 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2023-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | |||||
| CVE-2023-33044 | 1 Qualcomm | 180 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 177 more | 2023-12-11 | N/A | 7.5 HIGH |
| Transient DOS in Data modem while handling TLB control messages from the Network. | |||||
| CVE-2023-33043 | 1 Qualcomm | 118 Ar8035, Ar8035 Firmware, Qca6391 and 115 more | 2023-12-11 | N/A | 7.5 HIGH |
| Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. | |||||
| CVE-2023-33041 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csr8811 and 251 more | 2023-12-11 | N/A | 7.5 HIGH |
| Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | |||||
| CVE-2023-32842 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2023-12-07 | N/A | 7.5 HIGH |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848). | |||||
| CVE-2023-32841 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2023-12-07 | N/A | 7.5 HIGH |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846). | |||||
| CVE-2023-32844 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2023-12-07 | N/A | 7.5 HIGH |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850). | |||||
| CVE-2023-32846 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2023-12-07 | N/A | 7.5 HIGH |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861). | |||||
| CVE-2023-32843 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2023-12-07 | N/A | 7.5 HIGH |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849). | |||||
| CVE-2023-32845 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2023-12-07 | N/A | 7.5 HIGH |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860). | |||||
| CVE-2022-0635 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2023-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |||||
| CVE-2022-0667 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2023-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |||||
| CVE-2023-38976 | 1 Weaviate | 1 Weaviate | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. | |||||
| CVE-2023-39534 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2023-08-22 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. | |||||
| CVE-2023-39949 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2023-08-21 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. | |||||
| CVE-2022-48363 | 1 Linuxfoundation | 1 Automotive Grade Linux | 2023-08-08 | N/A | 7.5 HIGH |
| In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. | |||||
| CVE-2022-3488 | 1 Isc | 1 Bind | 2023-08-08 | N/A | 7.5 HIGH |
| Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1. | |||||
| CVE-2023-2156 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-08-02 | N/A | 7.5 HIGH |
| A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | |||||
| CVE-2022-27382 | 1 Mariadb | 1 Mariadb | 2022-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. | |||||
| CVE-2022-32082 | 1 Mariadb | 1 Mariadb | 2022-07-11 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | |||||
| CVE-2021-3431 | 1 Zephyrproject | 1 Zephyr | 2022-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 | |||||
| CVE-2021-3430 | 1 Zephyrproject | 1 Zephyr | 2022-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr | |||||
| CVE-2022-1183 | 1 Isc | 1 Bind | 2022-07-07 | 4.3 MEDIUM | 7.5 HIGH |
| On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. | |||||
| CVE-2022-33024 | 1 Gnu | 1 Libredwg | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. | |||||
| CVE-2021-30340 | 1 Qualcomm | 106 Ar8035, Ar8035 Firmware, Qca6390 and 103 more | 2022-06-24 | 7.8 HIGH | 7.5 HIGH |
| Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35073 | 1 Qualcomm | 112 Ar8035, Ar8035 Firmware, Qca6390 and 109 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2019-15892 | 2 Debian, Varnish-cache | 3 Debian Linux, Varnish, Varnish Cache | 2022-06-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. | |||||
| CVE-2022-29228 | 1 Envoyproxy | 1 Envoy | 2022-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31651 | 1 Sox Project | 1 Sox | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | |||||
| CVE-2020-8620 | 4 Canonical, Isc, Netapp and 1 more | 4 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 1 more | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | |||||
| CVE-2021-1422 | 1 Cisco | 9 Adaptive Security Appliance Software, Adaptive Security Virtual Appliance, Firepower 2100 and 6 more | 2022-05-31 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0. | |||||
| CVE-2022-27448 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | |||||
| CVE-2021-27500 | 1 Opener Project | 1 Opener | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | |||||
| CVE-2021-27498 | 1 Opener Project | 1 Opener | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | |||||
| CVE-2022-29339 | 1 Gpac | 1 Gpac | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | |||||
| CVE-2020-6097 | 3 Atftp Project, Debian, Opensuse | 3 Atftp, Debian Linux, Leap | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
| CVE-2020-12417 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2022-05-03 | 9.3 HIGH | 8.8 HIGH |
| Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-36230 | 4 Apache, Apple, Debian and 1 more | 5 Bookkeeper, Mac Os X, Macos and 2 more | 2022-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | |||||
| CVE-2020-8623 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2022-04-28 | 4.3 MEDIUM | 7.5 HIGH |
| In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker | |||||
| CVE-2020-8621 | 5 Canonical, Isc, Netapp and 2 more | 5 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 2 more | 2022-04-28 | 4.3 MEDIUM | 7.5 HIGH |
| In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. | |||||
| CVE-2020-27638 | 3 Debian, Fastd Project, Fedoraproject | 3 Debian Linux, Fastd, Fedora | 2022-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | |||||
| CVE-2021-25215 | 6 Debian, Fedoraproject, Isc and 3 more | 25 Debian Linux, Fedora, Bind and 22 more | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | |||||
| CVE-2021-30326 | 1 Qualcomm | 106 Ar8035, Ar8035 Firmware, Qca6390 and 103 more | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-3326 | 2 Gnu, Netapp | 3 Glibc, E-series Santricity Os Controller, Ontap Select Deploy Administration Utility | 2022-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | |||||
| CVE-2021-45290 | 2 Fedoraproject, Webassembly | 2 Fedora, Binaryen | 2022-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | |||||
| CVE-2021-36409 | 1 Struktur | 1 Libde265 | 2022-01-19 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. | |||||
| CVE-2021-30353 | 1 Qualcomm | 220 Ar8031, Ar8031 Firmware, Ar8035 and 217 more | 2022-01-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||