Total
430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000252 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | |||||
CVE-2017-13726 | 1 Libtiff | 1 Libtiff | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | |||||
CVE-2017-16818 | 2 Fedoraproject, Redhat | 2 Fedora, Ceph | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. | |||||
CVE-2017-11683 | 2 Canonical, Exiv2 | 2 Ubuntu Linux, Exiv2 | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
CVE-2017-13132 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. | |||||
CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2018-5269 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. | |||||
CVE-2017-13746 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-12959 | 1 Gnu | 1 Pspp | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. | |||||
CVE-2017-12960 | 1 Gnu | 1 Pspp | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||||
CVE-2017-11368 | 2 Fedoraproject, Mit | 3 Fedora, Kerberos, Kerberos 5 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | |||||
CVE-2017-13673 | 1 Qemu | 1 Qemu | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. | |||||
CVE-2017-15371 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | |||||
CVE-2017-13658 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. | |||||
CVE-2016-9397 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
CVE-2017-7605 | 1 Libaacplus Project | 1 Libaacplus | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
CVE-2017-5981 | 1 Zziplib Project | 1 Zziplib | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. | |||||
CVE-2017-8915 | 1 Sap | 1 Hana Xs | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694. | |||||
CVE-2017-9142 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |||||
CVE-2017-5986 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. |