Total
368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11683 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2023-01-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
| CVE-2020-36562 | 1 Dht Project | 1 Dht | 2023-01-06 | N/A | 7.5 HIGH |
| Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. | |||||
| CVE-2022-29917 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 9.8 CRITICAL |
| Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-34484 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 8.8 HIGH |
| The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2022-25691 | 1 Qualcomm | 48 Ar8035, Ar8035 Firmware, Qca8081 and 45 more | 2022-12-15 | N/A | 7.5 HIGH |
| Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile | |||||
| CVE-2022-25689 | 1 Qualcomm | 18 Ar8035, Ar8035 Firmware, Qca8081 and 15 more | 2022-12-15 | N/A | 7.5 HIGH |
| Denial of service in Modem due to reachable assertion in Snapdragon Mobile | |||||
| CVE-2022-25675 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Qca6310 and 95 more | 2022-12-15 | N/A | 5.5 MEDIUM |
| Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-25672 | 1 Qualcomm | 48 Ar8035, Ar8035 Firmware, Qca8081 and 45 more | 2022-12-15 | N/A | 7.5 HIGH |
| Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile | |||||
| CVE-2022-25673 | 1 Qualcomm | 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more | 2022-12-15 | N/A | 7.5 HIGH |
| Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile | |||||
| CVE-2022-25702 | 1 Qualcomm | 158 Apq8009, Apq8009 Firmware, Apq8017 and 155 more | 2022-12-15 | N/A | 7.5 HIGH |
| Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-25692 | 1 Qualcomm | 124 Ar8035, Ar8035 Firmware, Qca6390 and 121 more | 2022-12-15 | N/A | 7.5 HIGH |
| Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2017-7605 | 1 Libaacplus Project | 1 Libaacplus | 2022-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2022-32082 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2022-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | |||||
| CVE-2020-11653 | 4 Debian, Opensuse, Varnish-cache and 1 more | 5 Debian Linux, Backports Sle, Leap and 2 more | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | |||||
| CVE-2022-41893 | 1 Google | 1 Tensorflow | 2022-11-22 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-25671 | 1 Qualcomm | 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more | 2022-11-17 | N/A | 7.5 HIGH |
| Denial of service in MODEM due to reachable assertion in Snapdragon Mobile | |||||
| CVE-2022-34000 | 1 Libjxl Project | 1 Libjxl | 2022-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |||||
| CVE-2022-26446 | 1 Mediatek | 56 Lr12a, Lr13, Mt2731 and 53 more | 2022-11-09 | N/A | 7.5 HIGH |
| In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. | |||||
| CVE-2021-3326 | 5 Debian, Fujitsu, Gnu and 2 more | 17 Debian Linux, M10-1, M10-1 Firmware and 14 more | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | |||||
| CVE-2021-3531 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. | |||||