Total
458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12543 | 1 Eclipse | 1 Mosquitto | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit. | |||||
| CVE-2017-3138 | 3 Debian, Isc, Netapp | 5 Debian Linux, Bind, Data Ontap Edge and 2 more | 2019-10-09 | 3.5 LOW | 5.3 MEDIUM |
| named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9. | |||||
| CVE-2017-3137 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. | |||||
| CVE-2018-14044 | 1 Surina | 1 Soundtouch | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | |||||
| CVE-2017-12434 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c. | |||||
| CVE-2018-10963 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | |||||
| CVE-2017-9500 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-9501 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-7508 | 1 Openvpn | 1 Openvpn | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | |||||
| CVE-2017-9499 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-0376 | 2 Debian, Torproject | 2 Debian Linux, Tor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | |||||
| CVE-2017-17432 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. | |||||
| CVE-2017-0375 | 1 Torproject | 1 Tor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | |||||
| CVE-2017-5981 | 1 Zziplib Project | 1 Zziplib | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. | |||||
| CVE-2017-1000252 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | |||||
| CVE-2017-18169 | 1 Google | 1 Android | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2017-13727 | 1 Libtiff | 1 Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-4113 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. | |||||
| CVE-2017-12959 | 1 Gnu | 1 Pspp | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. | |||||
| CVE-2018-9055 | 1 Jasper Project | 1 Jasper | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | |||||