Total
458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23970 | 1 Mozilla | 1 Firefox | 2022-05-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | |||||
| CVE-2021-27500 | 1 Opener Project | 1 Opener | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | |||||
| CVE-2021-27498 | 1 Opener Project | 1 Opener | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | |||||
| CVE-2022-29977 | 1 Libsixel Project | 1 Libsixel | 2022-05-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. | |||||
| CVE-2022-29339 | 1 Gpac | 1 Gpac | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | |||||
| CVE-2020-6097 | 3 Atftp Project, Debian, Opensuse | 3 Atftp, Debian Linux, Leap | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
| CVE-2022-24272 | 1 Mongodb | 1 Mongodb | 2022-05-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6. | |||||
| CVE-2020-12417 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2022-05-03 | 9.3 HIGH | 8.8 HIGH |
| Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-8621 | 5 Canonical, Isc, Netapp and 2 more | 5 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 2 more | 2022-04-28 | 4.3 MEDIUM | 7.5 HIGH |
| In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. | |||||
| CVE-2019-9455 | 2 Google, Opensuse | 2 Android, Leap | 2022-04-22 | 2.1 LOW | 2.3 LOW |
| In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2021-46666 | 1 Mariadb | 1 Mariadb | 2022-04-13 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | |||||
| CVE-2018-5740 | 7 Canonical, Debian, Hp and 4 more | 11 Ubuntu Linux, Debian Linux, Hp-ux and 8 more | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. | |||||
| CVE-2021-28905 | 1 Cesnet | 1 Libyang | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). | |||||
| CVE-2022-24777 | 1 Linuxfoundation | 1 Grpc Swift | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds. | |||||
| CVE-2022-27938 | 1 Libsixel Project | 1 Libsixel | 2022-03-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. | |||||
| CVE-2022-25484 | 1 Broadcom | 1 Tcpreplay | 2022-03-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1. | |||||
| CVE-2021-45861 | 1 Tsmuxer Project | 1 Tsmuxer | 2022-03-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. | |||||
| CVE-2022-23588 | 1 Google | 1 Tensorflow | 2022-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23586 | 1 Google | 1 Tensorflow | 2022-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23571 | 1 Google | 1 Tensorflow | 2022-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||