Total
551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14207 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error). | |||||
CVE-2019-14442 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
CVE-2019-16413 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | |||||
CVE-2019-6638 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. | |||||
CVE-2019-14371 | 1 Libav | 1 Libav | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag. | |||||
CVE-2019-3560 | 1 Facebook | 1 Fizz | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. | |||||
CVE-2018-16789 | 1 Shellinabox Project | 1 Shellinabox | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. | |||||
CVE-2019-10898 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. | |||||
CVE-2018-17202 | 1 Apache | 1 Commons Imaging | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging. | |||||
CVE-2019-15143 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. | |||||
CVE-2019-10900 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. | |||||
CVE-2018-17846 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. | |||||
CVE-2018-14567 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | |||||
CVE-2018-17197 | 1 Apache | 1 Tika | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | |||||
CVE-2018-20482 | 3 Debian, Gnu, Opensuse | 3 Debian Linux, Tar, Leap | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). | |||||
CVE-2018-14341 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. | |||||
CVE-2018-20103 | 3 Canonical, Haproxy, Redhat | 3 Ubuntu Linux, Haproxy, Openshift Container Platform | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. | |||||
CVE-2018-6977 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2023-12-10 | 4.9 MEDIUM | 6.5 MEDIUM |
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. | |||||
CVE-2018-1336 | 4 Apache, Canonical, Debian and 1 more | 9 Tomcat, Ubuntu Linux, Debian Linux and 6 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. | |||||
CVE-2018-1999044 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. |