Total
609 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45861 | 1 Tsmuxer Project | 1 Tsmuxer | 2024-11-21 | 5.5 Medium |
| There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. | ||||
| CVE-2021-45387 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 5.5 Medium |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | ||||
| CVE-2021-45386 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 5.5 Medium |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c | ||||
| CVE-2021-45290 | 2 Fedoraproject, Webassembly | 2 Fedora, Binaryen | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | ||||
| CVE-2021-44994 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.5 Medium |
| There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0. | ||||
| CVE-2021-44993 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.5 Medium |
| There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0. | ||||
| CVE-2021-44022 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.5 Medium |
| A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-43849 | 3 Apple, Cordova Plugin Fingerprint All-in-one Project, Google | 3 Iphone Os, Cordova Plugin Fingerprint All-in-one, Android | 2024-11-21 | 6.2 Medium |
| cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible. | ||||
| CVE-2021-41200 | 1 Google | 1 Tensorflow | 2024-11-21 | 5.5 Medium |
| TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | ||||
| CVE-2021-40083 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 7.5 High |
| Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | ||||
| CVE-2021-3531 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | 5.3 Medium |
| A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. | ||||
| CVE-2021-3502 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability. | ||||
| CVE-2021-3454 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.3 Medium |
| Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3 | ||||
| CVE-2021-3431 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.3 Medium |
| Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 | ||||
| CVE-2021-3430 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 6.5 Medium |
| Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr | ||||
| CVE-2021-3326 | 6 Debian, Fujitsu, Gnu and 3 more | 18 Debian Linux, M10-1, M10-1 Firmware and 15 more | 2024-11-21 | 7.5 High |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
| CVE-2021-39283 | 1 Live555 | 1 Live555 | 2024-11-21 | 5.5 Medium |
| liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands. | ||||
| CVE-2021-38385 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. | ||||
| CVE-2021-38291 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 7.5 High |
| FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | ||||
| CVE-2021-37644 | 1 Google | 1 Tensorflow | 2024-11-21 | 5.5 Medium |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input given by the user, without checking that this input is valid. We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | ||||