CVE-2021-1937

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVE-2020-21047

The libcpu component which is used by libasm of elfutils version 0.177 git 47780c9e, suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write CWE-787, off-by-one error CWE-193 and reachable assertion CWE-617; to exploit the vulnerability, the attackers...

CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway mus...

CVE-2020-20225

Mikrotik RouterOs before 6.47 stable tree suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet...

CVE-2020-20214

Mikrotik RouterOs 6.44.6 long-term tree suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet...

CVE-2020-13415

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...

CVE-2020-13595

The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.0 through 4.2 for ESP32 devices returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can...

CVE-2020-11135

u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439,...

CVE-2020-20211

Mikrotik RouterOs 6.44.5 long-term tree suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet...

CVE-2020-6623

stb stbtruetype.h through 1.22 has an assertion failure in stbttcffgetindex...

CVE-2020-20262

Mikrotik RouterOs before 6.47 stable tree suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet...

CVE-2020-6617

stb stbtruetype.h through 1.22 has an assertion failure in stbttcffint...

CVE-2020-6619

stb stbtruetype.h through 1.22 has an assertion failure in stbttbufseek...

CVE-2019-15758

An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js...

CVE-2019-14382

DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs...

CVE-2019-14383

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs...

CVE-2018-12504

tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h...

CVE-2018-12459

An inconsistent bits-per-sample value in the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

K000151474: GNU C Library vulnerability CVE-2025-0395

Security Advisory Description When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-03...

CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...