Total
443 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39949 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2024-02-05 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. | |||||
| CVE-2021-31294 | 1 Redis | 1 Redis | 2024-02-05 | N/A | 5.9 MEDIUM |
| Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this. | |||||
| CVE-2023-4236 | 4 Debian, Fedoraproject, Isc and 1 more | 13 Debian Linux, Fedora, Bind and 10 more | 2024-02-05 | N/A | 7.5 HIGH |
| A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | |||||
| CVE-2023-33199 | 1 Linuxfoundation | 1 Rekor | 2024-02-04 | N/A | 5.3 MEDIUM |
| Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-23759 | 1 Facebook | 1 Fizz | 2024-02-04 | N/A | 7.5 HIGH |
| There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). | |||||
| CVE-2023-29935 | 1 Llvm | 1 Llvm | 2024-02-04 | N/A | 5.5 MEDIUM |
| llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | |||||
| CVE-2023-31913 | 1 Jerryscript | 1 Jerryscript | 2024-02-04 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | |||||
| CVE-2023-28425 | 1 Redis | 1 Redis | 2024-02-04 | N/A | 5.5 MEDIUM |
| Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. | |||||
| CVE-2023-31921 | 1 Jerryscript | 1 Jerryscript | 2024-02-04 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | |||||
| CVE-2023-31919 | 1 Jerryscript | 1 Jerryscript | 2024-02-04 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | |||||
| CVE-2023-31920 | 1 Jerryscript | 1 Jerryscript | 2024-02-04 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | |||||
| CVE-2023-28856 | 3 Debian, Fedoraproject, Redis | 3 Debian Linux, Fedora, Redis | 2024-02-04 | N/A | 6.5 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-31918 | 1 Jerryscript | 1 Jerryscript | 2024-02-04 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | |||||
| CVE-2023-1428 | 1 Grpc | 1 Grpc | 2024-02-04 | N/A | 7.5 HIGH |
| There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. | |||||
| CVE-2023-31916 | 1 Jerryscript | 1 Jerryscript | 2024-02-04 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | |||||
| CVE-2022-36440 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-02-04 | N/A | 7.5 HIGH |
| A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | |||||
| CVE-2022-25672 | 1 Qualcomm | 48 Ar8035, Ar8035 Firmware, Qca8081 and 45 more | 2024-02-04 | N/A | 7.5 HIGH |
| Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile | |||||
| CVE-2023-27789 | 1 Broadcom | 1 Tcpreplay | 2024-02-04 | N/A | 7.5 HIGH |
| An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. | |||||
| CVE-2022-25702 | 1 Qualcomm | 158 Apq8009, Apq8009 Firmware, Apq8017 and 155 more | 2024-02-04 | N/A | 7.5 HIGH |
| Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2023-27788 | 1 Broadcom | 1 Tcpreplay | 2024-02-04 | N/A | 7.5 HIGH |
| An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. | |||||