Total
549 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44181 | 1 Juniper | 9 Junos, Qfk5110, Qfk5120 and 6 more | 2023-12-10 | N/A | 7.5 HIGH |
An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k. | |||||
CVE-2023-45363 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. | |||||
CVE-2022-40090 | 1 Libtiff | 1 Libtiff | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. | |||||
CVE-2023-38197 | 1 Qt | 1 Qt | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. | |||||
CVE-2023-3748 | 1 Frrouting | 1 Frrouting | 2023-12-10 | N/A | 7.5 HIGH |
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. | |||||
CVE-2023-26151 | 1 Freeopcua | 1 Opcua-asyncio | 2023-12-10 | N/A | 7.5 HIGH |
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. | |||||
CVE-2020-35139 | 1 Facuet | 1 Ryu | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | |||||
CVE-2020-24221 | 1 Miniupnp Project | 1 Ngiflib | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | |||||
CVE-2023-43645 | 1 Openfga | 1 Openfga | 2023-12-10 | N/A | 5.9 MEDIUM |
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Users are advised to upgrade to v1.3.2 and update any offending models. There are no known workarounds for this vulnerability. Note that for models which contained cycles or a relation definition that has the relation itself in its evaluation path, checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. Users who do not have cyclic models are unaffected. | |||||
CVE-2023-3255 | 3 Fedoraproject, Qemu, Redhat | 3 Fedora, Qemu, Enterprise Linux | 2023-12-10 | N/A | 6.5 MEDIUM |
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. | |||||
CVE-2023-42525 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-12-10 | N/A | 7.5 HIGH |
Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | |||||
CVE-2023-30188 | 1 Onlyoffice | 1 Document Server | 2023-12-10 | N/A | 7.5 HIGH |
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file. | |||||
CVE-2020-36023 | 1 Freedesktop | 1 Poppler | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. | |||||
CVE-2023-20996 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749764 | |||||
CVE-2023-2879 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | N/A | 7.5 HIGH |
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-37013 | 1 Unified-automation | 1 Opc Ua C\+\+ Demo Server | 2023-12-10 | N/A | 7.5 HIGH |
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203. | |||||
CVE-2023-20999 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246750467 | |||||
CVE-2023-35933 | 1 Openfga | 1 Openfga | 2023-12-10 | N/A | 7.5 HIGH |
OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier, and if you are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected. | |||||
CVE-2023-30300 | 1 W3 | 1 Webassembly | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop. | |||||
CVE-2023-20997 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702 |