Search
Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22892 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0. | |||||
| CVE-2022-22890 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 5.0 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0. | |||||
| CVE-2021-46351 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0. | |||||
| CVE-2021-46350 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0. | |||||
| CVE-2021-46349 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0. | |||||
| CVE-2021-46348 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0. | |||||
| CVE-2021-46347 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0. | |||||
| CVE-2021-46346 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0. | |||||
| CVE-2021-46345 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry-core/lit/lit-strings.c in JerryScript 3.0.0. | |||||
| CVE-2021-46344 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0. | |||||
| CVE-2021-46343 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0. | |||||
| CVE-2021-46342 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)' failed at /jerry-core/ecma/base/ecma-helpers.c in JerryScript 3.0.0. | |||||
| CVE-2021-46340 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0. | |||||
| CVE-2021-46339 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0. | |||||
| CVE-2021-46338 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 5.0 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0. | |||||
| CVE-2021-46337 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser-mem.c(parser_list_get) in JerryScript 3.0.0. | |||||
| CVE-2021-46336 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0. | |||||
| CVE-2021-36409 | 1 Struktur | 1 Libde265 | 2022-01-19 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. | |||||
| CVE-2021-30353 | 1 Qualcomm | 220 Ar8031, Ar8031 Firmware, Ar8035 and 217 more | 2022-01-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-30287 | 1 Qualcomm | 116 Ar8035, Ar8035 Firmware, Qca6390 and 113 more | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30307 | 1 Qualcomm | 172 Ar8035, Ar8035 Firmware, Csrb31024 and 169 more | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | |||||
| CVE-2021-46052 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | |||||
| CVE-2021-46054 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | |||||
| CVE-2021-46055 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | |||||
| CVE-2021-46048 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. | |||||
| CVE-2021-30335 | 1 Qualcomm | 348 Apq8009w, Apq8009w Firmware, Aqt1000 and 345 more | 2022-01-12 | 7.2 HIGH | 7.8 HIGH |
| Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30293 | 1 Qualcomm | 152 Ar6003, Ar6003 Firmware, Ar8035 and 149 more | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | |||||
| CVE-2021-30273 | 1 Qualcomm | 148 Apq8009w, Apq8009w Firmware, Apq8096au and 145 more | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | |||||
| CVE-2021-43849 | 3 Apple, Cordova Plugin Fingerprint All-in-one Project, Google | 3 Iphone Os, Cordova Plugin Fingerprint All-in-one, Android | 2022-01-11 | 2.1 LOW | 5.5 MEDIUM |
| cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible. | |||||
| CVE-2020-27617 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-01-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | |||||
| CVE-2020-20265 | 1 Mikrotik | 1 Routeros | 2022-01-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet. | |||||
| CVE-2021-20217 | 1 Privoxy | 1 Privoxy | 2021-12-14 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20272 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2021-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. | |||||
| CVE-2021-44022 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-12-06 | 2.1 LOW | 5.5 MEDIUM |
| A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2019-25037 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
| CVE-2019-25036 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
| CVE-2019-25041 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
| CVE-2020-8622 | 8 Canonical, Debian, Fedoraproject and 5 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2021-12-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. | |||||
| CVE-2018-5269 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2021-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. | |||||
| CVE-2021-32037 | 1 Mongodb | 1 Mongodb | 2021-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. | |||||
| CVE-2018-5740 | 5 Canonical, Debian, Isc and 2 more | 9 Ubuntu Linux, Debian Linux, Bind and 6 more | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. | |||||
| CVE-2021-1982 | 1 Qualcomm | 144 Ar8035, Ar8035 Firmware, Qca6390 and 141 more | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-41200 | 1 Google | 1 Tensorflow | 2021-11-09 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2018-20217 | 2 Debian, Mit | 2 Debian Linux, Kerberos | 2021-10-18 | 3.5 LOW | 5.3 MEDIUM |
| A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | |||||
| CVE-2021-33600 | 1 F-secure | 1 Internet Gatekeeper | 2021-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product. | |||||
| CVE-2021-1971 | 1 Qualcomm | 242 Aqt1000, Aqt1000 Firmware, Ar8035 and 239 more | 2021-09-22 | 7.8 HIGH | 7.5 HIGH |
| Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-36420 | 1 Polipo Project | 1 Polipo | 2021-09-20 | 4.3 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-25218 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition. | |||||
| CVE-2020-25710 | 4 Debian, Fedoraproject, Openldap and 1 more | 7 Debian Linux, Fedora, Openldap and 4 more | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25709 | 4 Apple, Debian, Openldap and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | |||||