Total
526 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34036 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
| An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp. | |||||
| CVE-2024-34035 | 2025-02-25 | N/A | 5.7 MEDIUM | ||
| An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp. | |||||
| CVE-2024-34034 | 2025-02-25 | N/A | 5.7 MEDIUM | ||
| An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component. | |||||
| CVE-2025-22919 | 2025-02-19 | N/A | 6.5 MEDIUM | ||
| A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. | |||||
| CVE-2023-40462 | 2 Debian, Sierrawireless | 9 Debian Linux, Aleos, Es450 and 6 more | 2025-02-13 | N/A | 7.5 HIGH |
| The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | |||||
| CVE-2023-29935 | 1 Llvm | 1 Llvm | 2025-01-29 | N/A | 5.5 MEDIUM |
| llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | |||||
| CVE-2023-37029 | 1 Linuxfoundation | 1 Magma | 2025-01-27 | N/A | 7.5 HIGH |
| Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service. | |||||
| CVE-2023-31919 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | |||||
| CVE-2023-31918 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | |||||
| CVE-2023-31913 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | |||||
| CVE-2024-24427 | 1 Open5gs | 1 Open5gs | 2025-01-24 | N/A | 7.5 HIGH |
| A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2024-24428 | 1 Open5gs | 1 Open5gs | 2025-01-24 | N/A | 7.5 HIGH |
| A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | |||||
| CVE-2023-31916 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | |||||
| CVE-2023-31921 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | |||||
| CVE-2023-31920 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | N/A | 5.5 MEDIUM |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | |||||
| CVE-2023-37024 | 2025-01-23 | N/A | 7.5 HIGH | ||
| A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element. | |||||
| CVE-2023-23759 | 1 Facebook | 1 Fizz | 2025-01-21 | N/A | 7.5 HIGH |
| There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). | |||||
| CVE-2023-52569 | 1 Linux | 1 Linux Kernel | 2025-01-16 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquired before and return the error to the caller. This is fine because all existing call chains undo anything they have done before calling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending snapshots in the transaction commit path). So remove the BUG() call and do proper error handling. This relates to a syzbot report linked below, but does not fix it because it only prevents hitting a BUG(), it does not fix the issue where somehow we attempt to use twice the same index number for different index items. | |||||
| CVE-2023-43529 | 1 Qualcomm | 322 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 319 more | 2025-01-15 | N/A | 7.5 HIGH |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | |||||
| CVE-2023-33096 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-01-10 | N/A | 7.5 HIGH |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. | |||||