Search
Total
460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18455 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. | |||||
| CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Designate does not enforce the DNS protocol limit concerning record set sizes | |||||
| CVE-2017-15871 | 1 Serialize-to-js Project | 1 Serialize-to-js | 2019-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file. | |||||
| CVE-2019-18817 | 1 Istio | 1 Istio | 2019-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | |||||
| CVE-2019-18836 | 2 Envoyproxy, Istio | 2 Envoy, Istio | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used." | |||||
| CVE-2018-19777 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-11-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | |||||
| CVE-2010-0207 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2019-11-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | |||||
| CVE-2018-12154 | 1 Intel | 1 Graphics Driver | 2019-10-30 | 2.1 LOW | 5.5 MEDIUM |
| Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access. | |||||
| CVE-2019-18217 | 1 Proftpd | 1 Proftpd | 2019-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | |||||
| CVE-2019-17350 | 1 Xen | 1 Xen | 2019-10-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. | |||||
| CVE-2019-17349 | 1 Xen | 1 Xen | 2019-10-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | |||||
| CVE-2018-5381 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. | |||||
| CVE-2018-1041 | 2 Jboss, Redhat | 3 Jboss-remoting, Jboss Enterprise Application Platform, Linux | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. | |||||
| CVE-2018-14629 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. | |||||
| CVE-2018-14621 | 1 Libtirpc Project | 1 Libtirpc | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted. | |||||
| CVE-2017-2670 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | |||||
| CVE-2017-2646 | 1 Redhat | 1 Keycloak | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks. | |||||
| CVE-2019-16413 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | |||||
| CVE-2018-15856 | 2 Canonical, Xkbcommon | 2 Ubuntu Linux, Xkbcommon | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | |||||
| CVE-2018-14445 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. | |||||
| CVE-2018-14051 | 1 Libwav Project | 1 Libwav | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. | |||||
| CVE-2018-14347 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). | |||||
| CVE-2018-1339 | 1 Apache | 1 Tika | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. | |||||
| CVE-2018-1338 | 1 Apache | 1 Tika | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | |||||
| CVE-2018-12913 | 1 Miniz Project | 1 Miniz | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. | |||||
| CVE-2018-12418 | 1 Junrar Project | 1 Junrar | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files. | |||||
| CVE-2018-12228 | 1 Asterisk | 1 Open Source | 2019-10-03 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. | |||||
| CVE-2018-11657 | 1 Miniupnp Project | 1 Ngiflib | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | |||||
| CVE-2018-10981 | 2 Debian, Xen | 2 Debian Linux, Xen | 2019-10-03 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | |||||
| CVE-2018-10938 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-03 | 7.1 HIGH | 5.9 MEDIUM |
| A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw. | |||||
| CVE-2018-10546 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | |||||
| CVE-2018-7453 | 1 Xpdfreader | 1 Xpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | |||||
| CVE-2018-1000864 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Container Platform | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. | |||||
| CVE-2018-1000075 | 2 Debian, Rubygems | 2 Debian Linux, Rubygems | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. | |||||
| CVE-2017-9461 | 3 Debian, Redhat, Samba | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-10-03 | 6.8 MEDIUM | 6.5 MEDIUM |
| smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | |||||
| CVE-2017-9358 | 1 Asterisk | 2 Certified Asterisk, Open Source | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | |||||
| CVE-2017-9346 | 1 Wireshark | 1 Wireshark | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | |||||
| CVE-2017-9345 | 1 Wireshark | 1 Wireshark | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | |||||
| CVE-2017-9352 | 1 Wireshark | 1 Wireshark | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | |||||
| CVE-2017-9349 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | |||||
| CVE-2017-9258 | 1 Surina | 1 Soundtouch | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. | |||||
| CVE-2017-9222 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |||||
| CVE-2017-9210 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. | |||||
| CVE-2017-9209 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. | |||||
| CVE-2017-9208 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. | |||||
| CVE-2017-9094 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |||||
| CVE-2017-9093 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |||||
| CVE-2017-9023 | 1 Strongswan | 1 Strongswan | 2019-10-03 | 4.3 MEDIUM | 7.5 HIGH |
| The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | |||||
| CVE-2018-8036 | 1 Apache | 1 Pdfbox | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. | |||||
| CVE-2017-8054 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. | |||||