Total
553 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19307 | 1 Cesanta | 1 Mongoose | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. | |||||
CVE-2015-6815 | 7 Arista, Canonical, Fedoraproject and 4 more | 11 Eos, Ubuntu Linux, Fedora and 8 more | 2023-12-10 | 2.7 LOW | 3.5 LOW |
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | |||||
CVE-2019-8741 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A denial of service issue was addressed with improved input validation. | |||||
CVE-2015-5278 | 4 Arista, Canonical, Fedoraproject and 1 more | 4 Eos, Ubuntu Linux, Fedora and 1 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | |||||
CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Designate does not enforce the DNS protocol limit concerning record set sizes | |||||
CVE-2019-18836 | 2 Envoyproxy, Istio | 2 Envoy, Istio | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used." | |||||
CVE-2019-19451 | 3 Fedoraproject, Gnome, Opensuse | 3 Fedora, Dia, Leap | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. | |||||
CVE-2019-5091 | 1 Leadtools | 1 Leadtools | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. | |||||
CVE-2019-5097 | 1 Embedthis | 1 Goahead | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server. | |||||
CVE-2019-17350 | 2 Debian, Xen | 2 Debian Linux, Xen | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. | |||||
CVE-2013-3722 | 1 Opensips | 1 Opensips | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c. | |||||
CVE-2019-18817 | 1 Istio | 1 Istio | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | |||||
CVE-2020-1600 | 1 Juniper | 1 Junos | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2. | |||||
CVE-2019-19588 | 1 Validators Project | 1 Validators | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6. | |||||
CVE-2015-5239 | 5 Arista, Canonical, Fedoraproject and 2 more | 8 Eos, Ubuntu Linux, Fedora and 5 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | |||||
CVE-2019-18217 | 1 Proftpd | 1 Proftpd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | |||||
CVE-2019-17349 | 2 Debian, Xen | 2 Debian Linux, Xen | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | |||||
CVE-2019-18455 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. | |||||
CVE-2019-0205 | 3 Apache, Oracle, Redhat | 4 Thrift, Communications Cloud Native Core Network Slice Selection Function, Enterprise Linux Server and 1 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. | |||||
CVE-2019-19582 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable. |