Total
224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-21708 | 1 Graphql-go Project | 1 Graphql-go | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended. | |||||
CVE-2021-46195 | 1 Gnu | 1 Gcc | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. | |||||
CVE-2021-42717 | 4 Debian, F5, Oracle and 1 more | 5 Debian Linux, Nginx Modsecurity Waf, Http Server and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. | |||||
CVE-2021-46505 | 1 Jsish | 1 Jsish | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. | |||||
CVE-2021-45832 | 1 Hdfgroup | 1 Hdf5 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent). | |||||
CVE-2021-45105 | 5 Apache, Debian, Netapp and 2 more | 121 Log4j, Debian Linux, Cloud Manager and 118 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | |||||
CVE-2022-23591 | 1 Google | 1 Tensorflow | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
CVE-2021-39929 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-23889 | 1 Yzmcms | 1 Yzmcms | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments. | |||||
CVE-2021-43519 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. | |||||
CVE-2021-46509 | 1 Cesanta | 1 Mjs | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. | |||||
CVE-2021-46507 | 1 Jsish | 1 Jsish | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. | |||||
CVE-2021-3530 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | |||||
CVE-2021-28903 | 1 Cesnet | 1 Libyang | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash. | |||||
CVE-2021-36154 | 1 Linuxfoundation | 1 Grpc Swift | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption. | |||||
CVE-2020-18898 | 1 Exiv2 | 1 Exiv2 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | |||||
CVE-2021-22144 | 2 Elastic, Oracle | 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. | |||||
CVE-2021-30470 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | |||||
CVE-2021-38566 | 1 Foxitsoftware | 2 Pdf Editor, Pdf Reader | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes. | |||||
CVE-2021-36773 | 4 Debian, Sciruby, Ublockorigin and 1 more | 4 Debian Linux, Nmatrix, Ublock Origin and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). |