Total
553 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13595 | 1 Espressif | 2 Esp-idf, Esp32 | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets. | |||||
| CVE-2020-12417 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-11653 | 4 Debian, Opensuse, Varnish-cache and 1 more | 5 Debian Linux, Backports Sle, Leap and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | |||||
| CVE-2020-11296 | 1 Qualcomm | 1064 Apq8009, Apq8009 Firmware, Apq8017 and 1061 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11280 | 1 Qualcomm | 824 Aqt1000, Aqt1000 Firmware, Ar7420 and 821 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11278 | 1 Qualcomm | 754 Aqt1000, Aqt1000 Firmware, Ar8031 and 751 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11274 | 1 Qualcomm | 492 Aqt1000, Aqt1000 Firmware, Csrb31024 and 489 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11218 | 1 Qualcomm | 548 Apq8017, Apq8017 Firmware, Apq8053 and 545 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11135 | 1 Qualcomm | 54 Apq8098, Apq8098 Firmware, Kamorta and 51 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-10761 | 4 Canonical, Opensuse, Qemu and 1 more | 4 Ubuntu Linux, Leap, Qemu and 1 more | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
| An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. | |||||
| CVE-2019-9795 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
| CVE-2019-9455 | 2 Google, Opensuse | 2 Android, Leap | 2024-11-21 | 2.1 LOW | 2.3 LOW |
| In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-9211 | 3 Fedoraproject, Gnu, Suse | 4 Fedora, Pspp, Backports and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | |||||
| CVE-2019-7697 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. | |||||
| CVE-2019-7662 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file. | |||||
| CVE-2019-6476 | 1 Isc | 1 Bind | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4. | |||||
| CVE-2019-6473 | 1 Ics | 1 Kea | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. | |||||
| CVE-2019-6472 | 1 Isc | 1 Kea | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. | |||||
| CVE-2019-6471 | 2 F5, Isc | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. | |||||
| CVE-2019-6469 | 1 Isc | 1 Bind | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition. | |||||