Total
458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13746 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
| CVE-2017-13745 | 1 Jasper Project | 1 Jasper | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. | |||||
| CVE-2017-13673 | 1 Qemu | 1 Qemu | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. | |||||
| CVE-2017-11368 | 2 Fedoraproject, Mit | 3 Fedora, Kerberos, Kerberos 5 | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | |||||
| CVE-2016-9399 | 3 Fedoraproject, Jasper Project, Opensuse | 3 Fedora, Jasper, Leap | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
| CVE-2016-9398 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 6 Fedora, Jasper, Leap and 3 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
| CVE-2016-9397 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
| CVE-2021-46784 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2023-10-22 | N/A | 6.5 MEDIUM |
| In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. | |||||
| CVE-2023-44175 | 1 Juniper | 2 Junos, Junos Os Evolved | 2023-10-19 | N/A | 7.5 HIGH |
| A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO. | |||||
| CVE-2023-44386 | 1 Vapor | 1 Vapor | 2023-10-11 | N/A | 5.3 MEDIUM |
| Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. | |||||
| CVE-2022-35205 | 1 Gnu | 1 Binutils | 2023-10-06 | N/A | 5.5 MEDIUM |
| An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. | |||||
| CVE-2023-32820 | 4 Google, Linux, Linuxfoundation and 1 more | 43 Android, Linux Kernel, Yocto and 40 more | 2023-10-03 | N/A | 7.5 HIGH |
| In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. | |||||
| CVE-2023-38976 | 1 Weaviate | 1 Weaviate | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. | |||||
| CVE-2022-38349 | 1 Freedesktop | 1 Poppler | 2023-08-28 | N/A | 6.5 MEDIUM |
| An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | |||||
| CVE-2022-37052 | 1 Freedesktop | 1 Poppler | 2023-08-25 | N/A | 6.5 MEDIUM |
| A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | |||||
| CVE-2021-46179 | 1 Upx Project | 1 Upx | 2023-08-25 | N/A | 6.5 MEDIUM |
| Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function. | |||||
| CVE-2023-39534 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2023-08-22 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. | |||||
| CVE-2023-39949 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2023-08-21 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. | |||||
| CVE-2021-31294 | 1 Redis | 1 Redis | 2023-08-14 | N/A | 5.9 MEDIUM |
| Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this. | |||||
| CVE-2022-48363 | 1 Linuxfoundation | 1 Automotive Grade Linux | 2023-08-08 | N/A | 7.5 HIGH |
| In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. | |||||