Total
445 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9455 | 2 Google, Opensuse | 2 Android, Leap | 2023-12-10 | 2.1 LOW | 2.3 LOW |
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2019-10894 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | |||||
CVE-2019-13223 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. | |||||
CVE-2019-15758 | 1 Webassembly | 1 Binaryen | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. | |||||
CVE-2019-13113 | 3 Canonical, Exiv2, Fedoraproject | 3 Ubuntu Linux, Exiv2, Fedora | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | |||||
CVE-2019-14382 | 1 Openmpt | 1 Libopenmpt | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | |||||
CVE-2018-20217 | 2 Debian, Mit | 2 Debian Linux, Kerberos | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | |||||
CVE-2017-3138 | 3 Debian, Isc, Netapp | 5 Debian Linux, Bind, Data Ontap Edge and 2 more | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9. | |||||
CVE-2018-5736 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1. | |||||
CVE-2018-17096 | 1 Surina | 1 Soundtouch | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | |||||
CVE-2019-0003 | 1 Juniper | 35 Ex2200\/vc, Ex2300, Ex3200 and 32 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400. | |||||
CVE-2018-5740 | 7 Canonical, Debian, Hp and 4 more | 11 Ubuntu Linux, Debian Linux, Hp-ux and 8 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. | |||||
CVE-2017-3136 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. | |||||
CVE-2018-5734 | 2 Isc, Netapp | 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2. | |||||
CVE-2019-6461 | 1 Cairographics | 1 Cairo | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. | |||||
CVE-2018-14044 | 1 Surina | 1 Soundtouch | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | |||||
CVE-2019-7697 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. | |||||
CVE-2019-9211 | 3 Fedoraproject, Gnu, Suse | 4 Fedora, Pspp, Backports and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | |||||
CVE-2018-19539 | 4 Debian, Jasper Project, Opensuse and 1 more | 5 Debian Linux, Jasper, Leap and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. | |||||
CVE-2017-7539 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. |