Total
442 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31918 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 5.5 MEDIUM |
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | |||||
CVE-2023-33199 | 1 Linuxfoundation | 1 Rekor | 2023-12-10 | N/A | 5.3 MEDIUM |
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-31920 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 5.5 MEDIUM |
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | |||||
CVE-2023-31921 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | N/A | 5.5 MEDIUM |
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | |||||
CVE-2023-23759 | 1 Facebook | 1 Fizz | 2023-12-10 | N/A | 7.5 HIGH |
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). | |||||
CVE-2023-29935 | 1 Llvm | 1 Llvm | 2023-12-10 | N/A | 5.5 MEDIUM |
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | |||||
CVE-2020-36562 | 1 Dht Project | 1 Dht | 2023-12-10 | N/A | 7.5 HIGH |
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. | |||||
CVE-2022-3924 | 1 Isc | 1 Bind | 2023-12-10 | N/A | 7.5 HIGH |
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. | |||||
CVE-2022-47516 | 1 Drachtio | 1 Drachtio-server | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion. | |||||
CVE-2022-25702 | 1 Qualcomm | 158 Apq8009, Apq8009 Firmware, Apq8017 and 155 more | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
CVE-2023-27789 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | N/A | 7.5 HIGH |
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. | |||||
CVE-2022-25692 | 1 Qualcomm | 124 Ar8035, Ar8035 Firmware, Qca6390 and 121 more | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
CVE-2022-25691 | 1 Qualcomm | 48 Ar8035, Ar8035 Firmware, Qca8081 and 45 more | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile | |||||
CVE-2022-41899 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
CVE-2022-25689 | 1 Qualcomm | 18 Ar8035, Ar8035 Firmware, Qca8081 and 15 more | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in Modem due to reachable assertion in Snapdragon Mobile | |||||
CVE-2023-27783 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | N/A | 7.5 HIGH |
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. | |||||
CVE-2023-27788 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | N/A | 7.5 HIGH |
An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. | |||||
CVE-2022-41901 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
CVE-2022-25673 | 1 Qualcomm | 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile | |||||
CVE-2022-25672 | 1 Qualcomm | 48 Ar8035, Ar8035 Firmware, Qca8081 and 45 more | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile |