Total
680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9455 | 2 Google, Opensuse | 2 Android, Leap | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2019-9211 | 3 Fedoraproject, Gnu, Suse | 4 Fedora, Pspp, Backports and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
|
|||||
| CVE-2019-7697 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls.
|
|||||
| CVE-2019-7662 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.
|
|||||
| CVE-2019-6476 | 1 Isc | 1 Bind | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.
|
|||||
| CVE-2019-6473 | 1 Ics | 1 Kea | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
|
|||||
| CVE-2019-6472 | 1 Isc | 1 Kea | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
|
|||||
| CVE-2019-6471 | 2 F5, Isc | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.
|
|||||
| CVE-2019-6469 | 1 Isc | 1 Bind | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.
|
|||||
| CVE-2019-6468 | 1 Isc | 1 Bind | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.
|
|||||
| CVE-2019-6467 | 1 Isc | 1 Bind | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9. ...
Show More |
|||||
| CVE-2019-6461 | 1 Cairographics | 1 Cairo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
|
|||||
| CVE-2019-5020 | 1 Virustotal | 1 Yara | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.
|
|||||
| CVE-2019-25041 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
|
|||||
| CVE-2019-25037 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
|
|||||
| CVE-2019-25036 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
|
|||||
| CVE-2019-20056 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
|
|||||
| CVE-2019-18844 | 1 Linux | 1 Acrn | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.
|
|||||
| CVE-2019-15892 | 3 Debian, Varnish-software, Varnish Cache Project | 3 Debian Linux, Varnish Cache, Varnish Cache | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.
|
|||||
| CVE-2019-15758 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.
|
|||||
| CVE-2019-14851 | 1 Nbdkit Project | 1 Nbdkit | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.
|
|||||
| CVE-2019-14383 | 2 Openmpt, Opensuse | 2 Libopenmpt, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
|
|||||
| CVE-2019-14382 | 1 Openmpt | 1 Libopenmpt | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
|
|||||
| CVE-2019-14049 | 1 Qualcomm | 42 Apq8017, Apq8017 Firmware, Apq8053 and 39 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130
|
|||||
| CVE-2019-14022 | 1 Qualcomm | 80 Apq8096au, Apq8096au Firmware, Mdm9205 and 77 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Error occurs While extracting the ipv6_header having an invalid length due to lack of length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, MDM9205, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM67 ...
Show More |
|||||
| CVE-2019-13223 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
|
|||||
| CVE-2019-13113 | 3 Canonical, Exiv2, Fedoraproject | 3 Ubuntu Linux, Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
|
|||||
| CVE-2019-12312 | 1 Libreswan | 1 Libreswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
|
|||||
| CVE-2019-10894 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
|
|||||
| CVE-2019-10055 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.
|
|||||
| CVE-2019-1010173 | 1 Jsish | 1 Jsish | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3.
|
|||||
| CVE-2019-0003 | 1 Juniper | 35 Ex2200\/vc, Ex2300, Ex3200 and 32 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions p ...
Show More |
|||||
| CVE-2018-9303 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.
|
|||||
| CVE-2018-9252 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
|
|||||
| CVE-2018-9055 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
|
|||||
| CVE-2018-7714 | 1 Opencv | 1 Opencv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.
|
|||||
| CVE-2018-7713 | 1 Opencv | 1 Opencv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.
|
|||||
| CVE-2018-7712 | 1 Opencv | 1 Opencv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.
|
|||||
| CVE-2018-5742 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.
|
|||||
| CVE-2018-5740 | 7 Canonical, Debian, Hp and 4 more | 11 Ubuntu Linux, Debian Linux, Hp-ux and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
|
|||||