Total
225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11413 | 1 Artifex | 1 Mujs | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check. | |||||
CVE-2018-20994 | 1 Trust-dns-proto Project | 1 Trust-dns-proto | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. | |||||
CVE-2019-16163 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | |||||
CVE-2018-20821 | 1 Sass-lang | 1 Libsass | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | |||||
CVE-2018-20993 | 1 Yaml-rust Project | 1 Yaml-rust | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. | |||||
CVE-2019-12212 | 1 Freeimage Project | 1 Freeimage | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file. | |||||
CVE-2019-15542 | 1 Ammonia Project | 1 Ammonia | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. | |||||
CVE-2018-20822 | 1 Sass-lang | 1 Libsass | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | |||||
CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | |||||
CVE-2019-16088 | 1 Glyphandcog | 1 Xpdfreader | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | |||||
CVE-2019-1010182 | 1 Yaml-rust Project | 1 Yaml-rust | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later. | |||||
CVE-2019-13129 | 1 Motorola | 2 Cx2l Mwr04l, Cx2l Mwr04l Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. | |||||
CVE-2019-11779 | 5 Canonical, Debian, Eclipse and 2 more | 6 Ubuntu Linux, Debian Linux, Mosquitto and 3 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | |||||
CVE-2019-14235 | 2 Djangoproject, Opensuse | 2 Django, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. | |||||
CVE-2018-20796 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. | |||||
CVE-2019-6285 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
CVE-2019-6291 | 1 Nasm | 1 Netwide Assembler | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. | |||||
CVE-2019-9144 | 1 Exiv2 | 1 Exiv2 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
CVE-2019-9071 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | |||||
CVE-2018-18020 | 1 Qpdf Project | 1 Qpdf | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file. |