Total
368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23312 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. | |||||
| CVE-2020-23313 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0 | |||||
| CVE-2020-23314 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. | |||||
| CVE-2020-23319 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. | |||||
| CVE-2020-23311 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. | |||||
| CVE-2020-23322 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. | |||||
| CVE-2020-23310 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. | |||||
| CVE-2020-23309 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. | |||||
| CVE-2020-23308 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. | |||||
| CVE-2020-23320 | 1 Jerryscript | 1 Jerryscript | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. | |||||
| CVE-2021-29258 | 1 Envoyproxy | 1 Envoy | 2021-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion. | |||||
| CVE-2020-20214 | 1 Mikrotik | 1 Routeros | 2021-05-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | |||||
| CVE-2021-29567 | 1 Google | 1 Tensorflow | 2021-05-19 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMul`, an attacker can trigger denial of service via `CHECK`-fails or accesses to outside the bounds of heap allocated data. Since the implementation(https://github.com/tensorflow/tensorflow/blob/38178a2f7a681a7835bb0912702a134bfe3b4d84/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L68-L80) only validates the rank of the input arguments but no constraints between dimensions(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SparseDenseCwiseMul), an attacker can abuse them to trigger internal `CHECK` assertions (and cause program termination, denial of service) or to write to memory outside of bounds of heap allocated tensor buffers. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29562 | 1 Google | 1 Tensorflow | 2021-05-18 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.IRFFT`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29561 | 1 Google | 1 Tensorflow | 2021-05-18 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from `tf.raw_ops.LoadAndRemapMatrix`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) assumes that the `ckpt_path` is always a valid scalar. However, an attacker can send any other tensor as the first argument of `LoadAndRemapMatrix`. This would cause the rank `CHECK` in `scalar<T>()()` to trigger and terminate the process. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-3502 | 1 Avahi | 1 Avahi | 2021-05-17 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability. | |||||
| CVE-2017-3139 | 1 Redhat | 3 Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus | 2021-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. | |||||
| CVE-2021-1925 | 1 Qualcomm | 814 Aqt1000, Aqt1000 Firmware, Ar8031 and 811 more | 2021-05-12 | 7.8 HIGH | 7.5 HIGH |
| Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11274 | 1 Qualcomm | 492 Aqt1000, Aqt1000 Firmware, Csrb31024 and 489 more | 2021-05-12 | 7.8 HIGH | 7.5 HIGH |
| Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2019-14851 | 1 Nbdkit Project | 1 Nbdkit | 2021-03-25 | 3.5 LOW | 6.5 MEDIUM |
| A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1. | |||||