PT-2019-13654 · Openmpt +1 · Libopenmpt +1

Name of the Vulnerable Software and Affected Versions: libopenmpt versions prior to 0.4.2 Description: The issue is related to J2B in libopenmpt, which allows an assertion failure during file parsing when using debug STLs. Recommendations: For versions prior to 0.4.2, update to version 0.4.2 or...

CVE-2019-1010173

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

CVE-2019-1010173

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

Code injection

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

CVE-2019-1010173

CVE-2019-1010173 affects Jsish 2.4.84 (2.0484). The vulnerability is a Reachable Assertion in Jsi_ValueArrayIndex (jsiValue.c:366) that can cause a denial of service when crafting JavaScript code is executed. The fixed version is available after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3. Ex...

CVE-2019-1010173

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

RHEL 8 : bind (RHSA-2019:1714)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1714 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named C Tenable...

bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure

A race condition leading to denial of service was found in the way bind handled certain malformed packets. A remote attacker who could cause the bind resolver to perform queries on a server, which responds deliberately with malformed answers, could cause named to exit...

CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

ALPINE-CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

CVE-2019-13113

CVE-2019-13113 affects Exiv2 up to version 0.27.1, where an invalid data location in a CRW image file can cause a denial of service (crash). Public advisories list Exiv2 updates to 0.27.2 as the fix (and/or replacements in later releases); exploitation or in-wild details are not provided in the s...

PT-2019-5330 · Exiv2 +7 · Exiv2 +7

Name of the Vulnerable Software and Affected Versions: Exiv2 versions prior to 0.27.2 Description: The issue is related to insufficient input validation in the Exiv2 library for managing media file metadata. An attacker can exploit this by using a specially crafted CRW image file, potentially...

UBUNTU-CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

ISC BIND Race Condition Vulnerability (CVE-2019-6471)

According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is between 9.11.0 and 9.11.7, 9.11.3-S1 and 9.11.7-S1, 9.12.0 and 9.12.4-P1, 9.13.x, 9.14.0 and 9.14.3, or 9.15 It is, therefore, affected by a race condition vulnerability, which may cause BIND t...

CVE-2018-15913

An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be...

UBUNTU-CVE-2019-6471

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of...

CVE-2018-20013

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadataid!=0 assertion, leading to shutting down the client application...

CVE-2019-12822

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...

Authentication flaw

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...