Total
716 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23350 | 1 Qualcomm | 50 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 47 more | 2024-11-26 | 6.5 Medium |
| Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network. | ||||
| CVE-2024-39697 | 2024-11-21 | 8.6 High | ||
| phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. | ||||
| CVE-2024-31744 | 2024-11-21 | 7.5 High | ||
| In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. | ||||
| CVE-2023-44386 | 1 Vapor | 1 Vapor | 2024-11-21 | 5.3 Medium |
| Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. | ||||
| CVE-2023-44175 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.5 Medium |
| A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO. | ||||
| CVE-2023-38976 | 1 Weaviate | 1 Weaviate | 2024-11-21 | 7.5 High |
| An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. | ||||
| CVE-2023-37836 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2023-36840 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 5.5 Medium |
| A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO; | ||||
| CVE-2023-33041 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csr8811 and 251 more | 2024-11-21 | 7.5 High |
| Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | ||||
| CVE-2023-32846 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861). | ||||
| CVE-2023-32845 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860). | ||||
| CVE-2023-32844 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850). | ||||
| CVE-2023-32842 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848). | ||||
| CVE-2023-32841 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846). | ||||
| CVE-2023-32820 | 4 Google, Linux, Linuxfoundation and 1 more | 43 Android, Linux Kernel, Yocto and 40 more | 2024-11-21 | 7.5 High |
| In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. | ||||
| CVE-2023-2156 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | ||||
| CVE-2023-21653 | 1 Qualcomm | 20 Ar8035, Ar8035 Firmware, Qca8081 and 17 more | 2024-11-21 | 7.5 High |
| Transient DOS in Modem while processing RRC reconfiguration message. | ||||
| CVE-2023-21646 | 1 Qualcomm | 108 Ar8035, Ar8035 Firmware, Qca6390 and 105 more | 2024-11-21 | 7.5 High |
| Transient DOS in Modem while processing invalid System Information Block 1. | ||||
| CVE-2023-1428 | 2 Grpc, Redhat | 2 Grpc, Enterprise Linux | 2024-11-21 | 7.5 High |
| There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. | ||||
| CVE-2022-40755 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 5.5 Medium |
| JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | ||||