7037 matches found

Prion
added 2023/05/03 12:16 p.m., 25 views

Out-of-bounds

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

CVSS: 4, AI score: 6.4, EPSS: 0.01983
Exploits: 0, References: 3, Affected Software: 2

OSV
added 2023/05/03 12:16 p.m., 1 view

UBUNTU-CVE-2022-40318

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

CVSS: 6.5, AI score: 5.8, EPSS: 0.01983
Exploits: 0, References: 2

Tenable Nessus
added 2023/05/03 12:00 a.m., 33 views

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-164)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-164 advisory. Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and...

CVSS: 6.5, AI score: 7.1, EPSS: 0.54978
Exploits: 0, References: 6

CVE
added 2023/05/03 12:00 a.m., 66 views

CVE-2022-40318

CVE-2022-40318 (FRR bgpd) : In FRR up to 8.4, FRR’s bgp_open_option_parse() mishandles an option of type 0xff (Extended Length from RFC 9072), with boundary checks that don’t account for reading 3 bytes, causing denial of service via assertion failure and bgpd restart, or an out-of-bounds read. A...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01983
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2023/05/03 12:00 a.m., 105 views

CVE-2022-40302

CVE-2022-40302 affects FRRouting (FRR) bgpd through 8.4. An attacker can cause a DoS by sending a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072) due to inconsistent boundary checks that read 3 bytes instead of 2 in this case, potentially triggering an assertion failu...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01983
Exploits: 0, References: 3, Affected Software: 1

Amazon
added 2023/05/03 12:00 a.m., 36 views

Important: openldap

Issue Overview: An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered...

CVSS: 7.5, AI score: 7.3, EPSS: 0.84224
Exploits: 1

Tenable Nessus
added 2023/05/03 12:00 a.m., 25 views

GLSA-202305-11 : Tor: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-11 Tor: Multiple Vulnerabilities - Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka...

CVSS: 7.5, AI score: 7, EPSS: 0.01685
Exploits: 2, References: 7

Cvelist
added 2023/05/02 7:30 a.m., 24 views

CVE-2022-40504 Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00383
Exploits: 0, References: 1

CVE
added 2023/05/02 7:30 a.m., 76 views

CVE-2022-40504

CVE-2022-40504 describes a transient DoS caused by a reachable assertion in the Qualcomm modem when a UE processes a Downlink Data Indication. Connected sources identify the affected component as Qualcomm modem/firmware (e.g., 315 5G IoT Modem) with no public details on a patch or fix in the prov...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00383
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/05/02 5:08 a.m., 21 views

CVE-2022-40508 Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00383
Exploits: 0, References: 1

CVE
added 2023/05/02 5:08 a.m., 74 views

CVE-2022-40508

CVE-2022-40508 is a reported transient denial-of-service caused by a reachable assertion in the Modem while processing cross-carrier scheduling configuration, not supported. The CVE entry shows a CVSS v3.1 base score of 7.5 (HIGH), with NETWORK attack vector, no privileges required, no user inter...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00383
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/05/02 5:08 a.m., 29 views

CVE-2022-34144 Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem during OSI decode scheduling...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00383
Exploits: 0, References: 1

CVE
added 2023/05/02 5:08 a.m., 75 views

CVE-2022-34144

CVE-2022-34144 is a Transient Denial of Service arising from a reachable assertion in the Modem during OSI decode scheduling. Documented across NVD/Red Hat/PRION/vuln enrichment entries, the issue targets a Modem component (Qualcomm-based ecosystems) and is rated High (CVSS 3.1: 7.5) with network...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00383
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2023/05/02 12:00 a.m., 7 views

PT-2023-13796 · Qualcomm · 315 5G Iot Modem Firmware +164

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service DOS that occurs when a UE User Equipment receives a Downlink Data Indication message from the...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00383
Exploits: 0, References: 3

Positive Technologies
added 2023/05/02 12:00 a.m., 4 views

PT-2023-13342 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to a Transient DOS due to a reachable assertion in the Modem during OSI decode scheduling. Recommendations: At the moment, there is no information about a newer version...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00383
Exploits: 0, References: 2

Positive Technologies
added 2023/05/02 12:00 a.m., 5 views

PT-2023-13799 · Qualcomm · 315 5G Iot Modem Firmware +78

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient DOS Denial of Service due to a reachable assertion in the Modem while processing configuration related to cross...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00383
Exploits: 0, References: 3

Amazon
added 2023/05/02 12:00 a.m., 54 views

Important: openldap

Issue Overview: An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered...

CVSS: 7.5, AI score: 7.3, EPSS: 0.84224
Exploits: 1

Tenable Nessus
added 2023/05/02 12:00 a.m., 103 views

Amazon Linux 2 : openldap (ALAS-2023-2033)

The version of openldap installed on the remote host is prior to 2.4.44-25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2033 advisory. An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relyi...

CVSS: 7.5, AI score: 6.7, EPSS: 0.84224
Exploits: 1, References: 24

Veracode
added 2023/04/28 12:57 p.m., 29 views

Command Injection

redis is vulnerable to Command Injection. The vulnerability allows authenticated users to use the 'MSETNX' command to trigger a runtime assertion and termination within the redis server process...

CVSS: 5.5, AI score: 5.6, EPSS: 0.54978
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2023/04/26 12:00 a.m., 2 views

PT-2023-26458 · Avahi +8 · Avahi +8

Name of the Vulnerable Software and Affected Versions: Avahi affected versions not specified Description: A vulnerability was found in Avahi, where a reachable assertion exists in the avahi alternative host name function. Recommendations: At the moment, there is no information about a newer versi...

CVSS: 7.8, AI score: 6.9, EPSS: 0.0045
Exploits: 1, References: 106