Total
430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27448 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | |||||
CVE-2022-24777 | 1 Linuxfoundation | 1 Grpc Swift | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds. | |||||
CVE-2022-25484 | 1 Broadcom | 1 Tcpreplay | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1. | |||||
CVE-2021-45387 | 1 Broadcom | 1 Tcpreplay | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | |||||
CVE-2022-1183 | 2 Isc, Netapp | 11 Bind, H300s, H300s Firmware and 8 more | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. | |||||
CVE-2021-27500 | 1 Opener Project | 1 Opener | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | |||||
CVE-2022-32978 | 1 Jpeg | 1 Libjpeg | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. | |||||
CVE-2022-31620 | 1 Libjpeg Project | 1 Libjpeg | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. | |||||
CVE-2022-31009 | 1 Wire | 1 Wire | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client. | |||||
CVE-2021-30332 | 1 Qualcomm | 110 Ar8035, Ar8035 Firmware, Qca6390 and 107 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2022-27938 | 1 Libsixel Project | 1 Libsixel | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. | |||||
CVE-2021-27498 | 1 Opener Project | 1 Opener | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | |||||
CVE-2021-45861 | 1 Tsmuxer Project | 1 Tsmuxer | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. | |||||
CVE-2022-29339 | 1 Gpac | 1 Gpac | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | |||||
CVE-2022-29213 | 1 Google | 1 Tensorflow | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
CVE-2022-0635 | 2 Isc, Netapp | 17 Bind, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |||||
CVE-2021-30328 | 1 Qualcomm | 96 Ar8035, Ar8035 Firmware, Qca6390 and 93 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2022-20694 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 7.1 HIGH | 6.8 MEDIUM |
A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable. | |||||
CVE-2022-24272 | 1 Mongodb | 1 Mongodb | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6. | |||||
CVE-2022-29977 | 1 Libsixel Project | 1 Libsixel | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. |