Total
648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32475 | 1 Redhat | 1 Service Mesh | 2024-11-21 | 7.5 High |
| Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5. | ||||
| CVE-2024-31744 | 2024-11-21 | 7.5 High | ||
| In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. | ||||
| CVE-2024-23850 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. | ||||
| CVE-2023-44386 | 1 Vapor | 1 Vapor | 2024-11-21 | 5.3 Medium |
| Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. | ||||
| CVE-2023-44175 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.5 Medium |
| A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO. | ||||
| CVE-2023-38976 | 1 Weaviate | 1 Weaviate | 2024-11-21 | 7.5 High |
| An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. | ||||
| CVE-2023-38473 | 2 Avahi, Redhat | 3 Avahi, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.2 Medium |
| A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. | ||||
| CVE-2023-38472 | 2 Avahi, Redhat | 3 Avahi, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.2 Medium |
| A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. | ||||
| CVE-2023-38471 | 2 Avahi, Redhat | 3 Avahi, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.2 Medium |
| A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. | ||||
| CVE-2023-38470 | 2 Avahi, Redhat | 3 Avahi, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.2 Medium |
| A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. | ||||
| CVE-2023-38469 | 2 Avahi, Redhat | 3 Avahi, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.2 Medium |
| A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. | ||||
| CVE-2023-37836 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2023-36840 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 5.5 Medium |
| A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO; | ||||
| CVE-2023-34194 | 1 Tinyxml Project | 1 Tinyxml | 2024-11-21 | 7.5 High |
| StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace. | ||||
| CVE-2023-33041 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csr8811 and 251 more | 2024-11-21 | 7.5 High |
| Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | ||||
| CVE-2023-32846 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861). | ||||
| CVE-2023-32845 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860). | ||||
| CVE-2023-32844 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850). | ||||
| CVE-2023-32842 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848). | ||||
| CVE-2023-32841 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846). | ||||