724 matches found
CVE-2024-21523
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. Note: By providing some specific integer values like 0 to the size...
CVE-2024-21526
All versions of the package speaker are vulnerable to Denial of Service (DoS): providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash...
PT-2024-18940 · Speaker · Speaker
Name of the Vulnerable Software and Affected Versions: speaker (affected versions not specified). Description: The issue is related to a Denial of Service (DoS) condition that can occur when the channels property of the Speaker object receives unexpected input types, leading to an assert macro being...
phonenumber: panic on parsing crafted phonenumber inputs
Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...
RUSTSEC-2024-0369 phonenumber: panic on parsing crafted phonenumber inputs
Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...
CLSA-2024-1718288901 libssh: Fix of CVE-2023-48795
CVE-2023-48795: implement "strict key exchange" mitigations, tests/pkd/pkddaemon.c: relax pthreadkill assert in pkdstop...
ROS-20240611-09
A vulnerability in the BIND DNS server is related to a flaw in the use of assert. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service via the named parameter during DNS64 and serve-stale interaction. A vulnerability in the named component of the DNS BIND...
The vulnerability of the BIND DNS server, related to the lack of use of the assert() function, allows a hacker to trigger a service failure.
The vulnerability of the BIND DNS server is related to the insufficient use of the assert function. Exploiting this vulnerability allows a malicious actor to cause a service failure through the named parameter during DNS64 and serve-stale interactions...
The vulnerability of the NSCCD server caching daemon in the GNU C Library allows an attacker to cause a service failure.
The vulnerability of the NSCCD name server’s caching mechanism in the GNU C Library is related to the insufficient use of the assert function. Exploiting this vulnerability can allow an attacker to cause a service failure...
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following securit...
CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
RIOT RIOT-OS Buffer Error Vulnerability
RIOT RIOT-OS is an operating system for applications in the Internet of Things (IoT) space. A security vulnerability exists in RIOT RIOT-OS that stems from a lack of proper input checking and may result in a RIOT buffer overflow via assert...
PT-2024-32213
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved by adding a missing NULL pointer check within the dpcd extend address range function. This issue could lead to an ASSERT if the retu...
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
The vulnerability of the BIND DNS server component, which allows a perpetrator to cause a service failure.
The vulnerability of the BIND DNS server component is related to the lack of use of the assert function. Exploiting this vulnerability allows a remote attacker to cause a service failure...
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...
CVE-2024-26727
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...
CVE-2024-26727 btrfs: do not ASSERT() if the newly created subvolume already got read
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...