Total
458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14383 | 2 Openmpt, Opensuse | 2 Libopenmpt, Leap | 2023-03-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | |||||
| CVE-2019-14382 | 1 Openmpt | 1 Libopenmpt | 2023-03-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | |||||
| CVE-2022-2520 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-02-28 | N/A | 6.5 MEDIUM |
| A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. | |||||
| CVE-2022-31651 | 1 Sox Project | 1 Sox | 2023-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | |||||
| CVE-2019-13223 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2023-02-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. | |||||
| CVE-2021-36409 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-02-16 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. | |||||
| CVE-2015-8745 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-13 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. | |||||
| CVE-2017-7539 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. | |||||
| CVE-2017-11683 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2023-01-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
| CVE-2022-25689 | 1 Qualcomm | 18 Ar8035, Ar8035 Firmware, Qca8081 and 15 more | 2022-12-15 | N/A | 7.5 HIGH |
| Denial of service in Modem due to reachable assertion in Snapdragon Mobile | |||||
| CVE-2022-25675 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Qca6310 and 95 more | 2022-12-15 | N/A | 5.5 MEDIUM |
| Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2017-7605 | 1 Libaacplus Project | 1 Libaacplus | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2020-11653 | 4 Debian, Opensuse, Varnish-cache and 1 more | 5 Debian Linux, Backports Sle, Leap and 2 more | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | |||||
| CVE-2022-41893 | 1 Google | 1 Tensorflow | 2022-11-22 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-34000 | 1 Libjxl Project | 1 Libjxl | 2022-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |||||
| CVE-2022-26446 | 1 Mediatek | 56 Lr12a, Lr13, Mt2731 and 53 more | 2022-11-09 | N/A | 7.5 HIGH |
| In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. | |||||
| CVE-2021-45386 | 1 Broadcom | 1 Tcpreplay | 2022-10-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c | |||||
| CVE-2021-45387 | 1 Broadcom | 1 Tcpreplay | 2022-10-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | |||||
| CVE-2021-30501 | 3 Fedoraproject, Redhat, Upx Project | 3 Fedora, Enterprise Linux, Upx | 2022-10-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. | |||||
| CVE-2020-1681 | 1 Juniper | 1 Junos Os Evolved | 2022-10-21 | 3.3 LOW | 6.5 MEDIUM |
| Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. | |||||