Total
556 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-13113 | 4 Canonical, Exiv2, Fedoraproject and 1 more | 4 Ubuntu Linux, Exiv2, Fedora and 1 more | 2024-08-04 | 6.5 Medium |
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | ||||
CVE-2019-12312 | 2 Libreswan, Redhat | 2 Libreswan, Enterprise Linux | 2024-08-04 | N/A |
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normally expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan. | ||||
CVE-2019-11499 | 3 Dovecot, Fedoraproject, Opensuse | 3 Dovecot, Fedora, Leap | 2024-08-04 | 7.5 High |
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | ||||
CVE-2019-10894 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-04 | 7.5 High |
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | ||||
CVE-2019-10055 | 1 Suricata-ids | 1 Suricata | 2024-08-04 | N/A |
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file. | ||||
CVE-2019-9795 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-08-04 | N/A |
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | ||||
CVE-2019-9455 | 3 Google, Opensuse, Redhat | 3 Android, Leap, Enterprise Linux | 2024-08-04 | 2.3 Low |
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2019-9211 | 3 Fedoraproject, Gnu, Suse | 4 Fedora, Pspp, Backports and 1 more | 2024-08-04 | N/A |
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | ||||
CVE-2019-7697 | 1 Axiosys | 1 Bento4 | 2024-08-04 | N/A |
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. | ||||
CVE-2019-7662 | 1 Webassembly | 1 Binaryen | 2024-08-04 | 6.5 Medium |
An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file. | ||||
CVE-2019-6461 | 1 Cairographics | 1 Cairo | 2024-08-04 | 6.5 Medium |
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. | ||||
CVE-2019-5716 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-04 | N/A |
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | ||||
CVE-2019-5020 | 1 Virustotal | 1 Yara | 2024-08-04 | 5.5 Medium |
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability. | ||||
CVE-2020-36420 | 1 Polipo Project | 1 Polipo | 2024-08-04 | 7.5 High |
Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2020-36562 | 1 Dht Project | 1 Dht | 2024-08-04 | 7.5 High |
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. | ||||
CVE-2020-36382 | 1 Openvpn | 1 Openvpn Access Server | 2024-08-04 | 7.5 High |
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service. | ||||
CVE-2020-36222 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2024-08-04 | 7.5 High |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | ||||
CVE-2020-36230 | 4 Apache, Apple, Debian and 1 more | 5 Bookkeeper, Mac Os X, Macos and 2 more | 2024-08-04 | 7.5 High |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | ||||
CVE-2020-29562 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Glibc, E-series Santricity Os Controller | 2024-08-04 | 4.8 Medium |
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
CVE-2020-27638 | 3 Debian, Fastd Project, Fedoraproject | 3 Debian Linux, Fastd, Fedora | 2024-08-04 | 7.5 High |
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. |