DEBIAN-CVE-2026-48852

PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...

Astra Linux - уязвимость в mariadb-10.3

There is an assertion failure in MariaDB Server v10.9 and below due to the condition 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVE-2026-33952

CVE-2026-33952 is associated with a DoS condition due to a WINPR_ASSERT flaw in the function rts_read_auth_verifier_no_checks, as described by the Debian security tracker entry. The description indicates the issue arises in that specific routine, leading to denial of service; no additional detail...

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

FreeRDP 安全漏洞

FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . A denial of service vulnerability exists in FreeRDP. The vulnerability arises because the IMA ADPCM audio decoding process does not validate the step index parameter, resulting in out-of-bounds access to the...

SUSE-SU-2026:20870-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...

ALPINE-CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

CVE-2026-1737

Open5GS vulnerability CVE-2026-1737 affects Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request in src/sgwc/s5c-handler.c (CreateBearerRequest Handler). Manipulation can trigger a reachable assertion, enabling remote exploitation. Public exploit availab...

MiracleLinux 4 : bind-9.8.2-0.68.8.0.1.rc1.AXS4 (AXSA:2020-735:07)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-735:07 advisory. bind: truncated TSIG response can lead to an assertion failure CVE-2020-8622 Tenable has extracted the preceding description block directly from the...

OESA-2025-2758 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious...

Linux Distros Unpatched Vulnerability : CVE-2021-44993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion ''ecmaisvalueboolean basevalue'' failed at /jerry-core/ecma/operations/ecma- get-put-value.c in Jerryscript 3.0.0. CVE-2021-44993 Note tha...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

Linux Distros Unpatched Vulnerability : CVE-2024-53429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open62541 v1.4.6 is has an assertion failure in fuzzbinarydecode, which leads to a crash. CVE-2024-53429 Note that Nessus relies on the presence of the package ...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

SUSE CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...

AZL-61972 CVE-2025-40775 affecting package bind for versions less than 9.20.9-1

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

Silicon Labs Ember ZNet 安全漏洞

Silicon Labs Ember ZNet is a protocol stack software from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Ember ZNet that originates from a buffer overflow that occurs during the processing of malformed packets at the APS layer, which may result in an assertion failure...

AZL-46966 CVE-2024-4076 affecting package bind for versions less than 9.20.0-1

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...