Total: 442 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-38976 | 1 Weaviate | 1 Weaviate | 2023-12-10 | N/A | 7.5 HIGH |
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. | |||||
CVE-2021-31294 | 1 Redis | 1 Redis | 2023-12-10 | N/A | 5.9 MEDIUM |
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this. | |||||
CVE-2023-44175 | 1 Juniper | 2 Junos, Junos Os Evolved | 2023-12-10 | N/A | 7.5 HIGH |
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send specific genuine PIM packets to the device, causing rpd to crash and resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO. | |||||
CVE-2022-37051 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | |||||
CVE-2023-39949 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2023-12-10 | N/A | 7.5 HIGH |
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. | |||||
CVE-2023-38469 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2023-12-10 | N/A | 5.5 MEDIUM |
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. | |||||
CVE-2023-44386 | 1 Vapor | 1 Vapor | 2023-12-10 | N/A | 5.3 MEDIUM |
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. | |||||
CVE-2022-38349 | 1 Freedesktop | 1 Poppler | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, which will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | |||||
CVE-2023-38473 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2023-12-10 | N/A | 5.5 MEDIUM |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. | |||||
CVE-2023-37836 | 1 Jpeg | 1 Libjpeg | 2023-12-10 | N/A | 6.5 MEDIUM |
libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
CVE-2023-38470 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2023-12-10 | N/A | 5.5 MEDIUM |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. | |||||
CVE-2022-37052 | 1 Freedesktop | 1 Poppler | 2023-12-10 | N/A | 6.5 MEDIUM |
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | |||||
CVE-2022-35205 | 1 Gnu | 1 Binutils | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue was discovered in Binutils readelf 2.38.50: a reachable assertion failure in the function display_debug_names allows attackers to cause a denial of service. | |||||
CVE-2023-31916 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 5.5 MEDIUM |
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | |||||
CVE-2023-28856 | 3 Debian, Fedoraproject, Redis | 3 Debian Linux, Fedora, Redis | 2023-12-10 | N/A | 6.5 MEDIUM |
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-34867 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 7.5 HIGH |
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. | |||||
CVE-2023-34868 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 7.5 HIGH |
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. | |||||
CVE-2023-1428 | 1 Grpc | 1 Grpc | 2023-12-10 | N/A | 7.5 HIGH |
There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: `te: x` (x != trailers); `:scheme: x` (x != http, https); `grpclb_client_stats: x` (x == anything). On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. | |||||
CVE-2023-31913 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 5.5 MEDIUM |
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | |||||
CVE-2023-31919 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 5.5 MEDIUM |
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. |