Total
430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39697 | 2024-07-09 | N/A | 8.6 HIGH | ||
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. | |||||
CVE-2024-34475 | 2024-07-03 | N/A | 7.5 HIGH | ||
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR. | |||||
CVE-2024-31744 | 2024-07-03 | N/A | 7.5 HIGH | ||
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. | |||||
CVE-2024-3567 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-06-10 | N/A | 5.5 MEDIUM |
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. | |||||
CVE-2024-3374 | 2024-05-14 | N/A | 5.3 MEDIUM | ||
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5. | |||||
CVE-2023-43529 | 2024-05-06 | N/A | 7.5 HIGH | ||
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | |||||
CVE-2023-5871 | 1 Redhat | 2 Enterprise Linux, Libnbd | 2024-04-30 | N/A | 5.3 MEDIUM |
A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. | |||||
CVE-2024-32475 | 2024-04-18 | N/A | 7.5 HIGH | ||
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5. | |||||
CVE-2023-24843 | 1 Qualcomm | 132 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 129 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS in Modem while triggering a camping on an 5G cell. | |||||
CVE-2023-21653 | 1 Qualcomm | 20 Ar8035, Ar8035 Firmware, Qca8081 and 17 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS in Modem while processing RRC reconfiguration message. | |||||
CVE-2023-21646 | 1 Qualcomm | 108 Ar8035, Ar8035 Firmware, Qca6390 and 105 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS in Modem while processing invalid System Information Block 1. | |||||
CVE-2022-40538 | 1 Qualcomm | 26 Ar8035, Ar8035 Firmware, Qca8081 and 23 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. | |||||
CVE-2022-40527 | 1 Qualcomm | 198 Ar8035, Ar8035 Firmware, Csr8811 and 195 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | |||||
CVE-2022-40508 | 1 Qualcomm | 136 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 133 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | |||||
CVE-2022-40504 | 1 Qualcomm | 378 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 375 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | |||||
CVE-2022-34144 | 1 Qualcomm | 136 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 133 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | |||||
CVE-2022-33272 | 1 Qualcomm | 98 Ar8035, Ar8035 Firmware, Qca6390 and 95 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS in modem due to reachable assertion. | |||||
CVE-2022-33254 | 1 Qualcomm | 128 Aqt1000, Aqt1000 Firmware, Ar8035 and 125 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in Modem while processing SIB1 Message. | |||||
CVE-2022-33251 | 1 Qualcomm | 148 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 145 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in Modem because of invalid network configuration. | |||||
CVE-2022-33250 | 1 Qualcomm | 130 Ar8035, Ar8035 Firmware, Qca6390 and 127 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. |