| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. |
|
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Note: This issue is not noticed when all the devices in the network are Juniper devices.
This issue affects Juniper Networks:
Junos OS:
* All versions prior to 20.4R3-S7;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R3.
Junos OS Evolved:
* All versions prior to 22.3R3-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO;
* 23.2-EVO versions prior to 23.2R1-EVO.
|
| An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. |
| libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS
All versions prior to 19.3R3-S10;
20.1 versions prior to 20.1R3-S4;
20.2 versions prior to 20.2R3-S6;
20.3 versions prior to 20.3R3-S6;
20.4 versions prior to 20.4R3-S5;
21.1 versions prior to 21.1R3-S4;
21.2 versions prior to 21.2R3-S3;
21.3 versions prior to 21.3R3-S2;
21.4 versions prior to 21.4R3;
22.1 versions prior to 22.1R3;
22.2 versions prior to 22.2R2;
22.3 versions prior to 22.3R2;
Juniper Networks Junos OS Evolved
All versions prior to 20.4R3-S7-EVO;
21.1 versions prior to 21.1R3-S3-EVO;
21.2 versions prior to 21.2R3-S5-EVO;
21.3 versions prior to 21.3R3-S4-EVO;
21.4 versions prior to 21.4R3-EVO;
22.1 versions prior to 22.1R3-EVO;
22.2 versions prior to 22.2R2-EVO;
22.3 versions prior to 22.3R2-EVO;
|
| Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861). |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860). |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850). |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848). |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846). |
| In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. |
| A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. |
| Transient DOS in Modem while processing RRC reconfiguration message. |
| Transient DOS in Modem while processing invalid System Information Block 1. |
| There exists an vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC's C++ implementation to abort() when called via http2:
te: x (x != trailers)
:scheme: x (x != http, https)
grpclb_client_stats: x (x == anything)
On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
|
| JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. |
| Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. |
| Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. |
| Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. |
