Total
528 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3374 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5. | |||||
| CVE-2024-39697 | 2024-11-21 | N/A | 8.6 HIGH | ||
| phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. | |||||
| CVE-2024-33255 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. | |||||
| CVE-2024-32475 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5. | |||||
| CVE-2024-31744 | 2024-11-21 | N/A | 7.5 HIGH | ||
| In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. | |||||
| CVE-2024-25445 | 1 Hugin Project | 1 Hugin | 2024-11-21 | N/A | 7.8 HIGH |
| Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | |||||
| CVE-2024-23850 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. | |||||
| CVE-2023-5871 | 1 Redhat | 2 Enterprise Linux, Libnbd | 2024-11-21 | N/A | 5.3 MEDIUM |
| A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. | |||||
| CVE-2023-5517 | 3 Fedoraproject, Isc, Netapp | 3 Fedora, Bind, Active Iq Unified Manager | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | |||||
| CVE-2023-4236 | 4 Debian, Fedoraproject, Isc and 1 more | 13 Debian Linux, Fedora, Bind and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | |||||
| CVE-2023-49286 | 1 Squid-cache | 1 Squid | 2024-11-21 | N/A | 8.6 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-44386 | 1 Vapor | 1 Vapor | 2024-11-21 | N/A | 5.3 MEDIUM |
| Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. | |||||
| CVE-2023-44175 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | N/A | 6.5 MEDIUM |
| A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO. | |||||
| CVE-2023-43523 | 1 Qualcomm | 284 Ar8035, Ar8035 Firmware, Csr8811 and 281 more | 2024-11-21 | N/A | 7.5 HIGH |
| Transient DOS while processing 11AZ RTT management action frame received through OTA. | |||||
| CVE-2023-3301 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-11-21 | N/A | 5.6 MEDIUM |
| A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. | |||||
| CVE-2023-39949 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2024-11-21 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. | |||||
| CVE-2023-39534 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2024-11-21 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. | |||||
| CVE-2023-38976 | 1 Weaviate | 1 Weaviate | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. | |||||
| CVE-2023-38473 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2024-11-21 | N/A | 6.2 MEDIUM |
| A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. | |||||
| CVE-2023-38472 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2024-11-21 | N/A | 6.2 MEDIUM |
| A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. | |||||