Total
551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-46770 | 1 Linuxfoundation | 1 Mirage Firewall | 2023-12-10 | N/A | 7.5 HIGH |
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). | |||||
CVE-2021-33642 | 1 Openeuler | 1 Byacc | 2023-12-10 | N/A | 5.5 MEDIUM |
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. | |||||
CVE-2022-28884 | 2 F-secure, Withsecure | 4 Internet Gatekeeper, Linux Security, Business Suite and 1 more | 2023-12-10 | N/A | 7.5 HIGH |
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine. | |||||
CVE-2022-30634 | 3 Golang, Microsoft, Netapp | 3 Go, Windows, Cloud Insights Telegraf Agent | 2023-12-10 | N/A | 7.5 HIGH |
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | |||||
CVE-2022-42721 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. | |||||
CVE-2022-28886 | 1 F-secure | 5 Cloud Protection For Salesforce, Collaboration Protection, Elements Endpoint Protection and 2 more | 2023-12-10 | N/A | 5.5 MEDIUM |
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine | |||||
CVE-2022-37768 | 1 Jpeg | 1 Libjpeg | 2023-12-10 | N/A | 7.5 HIGH |
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. | |||||
CVE-2021-44718 | 1 Wolfssl | 1 Wolfssl | 2023-12-10 | N/A | 5.9 MEDIUM |
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. | |||||
CVE-2022-2833 | 1 Blender | 1 Blender | 2023-12-10 | N/A | 7.5 HIGH |
Endless Infinite loop in Blender-thumnailing due to logical bugs. | |||||
CVE-2022-3190 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-12-10 | N/A | 5.5 MEDIUM |
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-25742 | 1 Qualcomm | 42 Ar8031, Ar8031 Firmware, Csra6620 and 39 more | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | |||||
CVE-2022-28882 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2023-12-10 | N/A | 7.5 HIGH |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker. | |||||
CVE-2022-39052 | 1 Otrs | 1 Otrs | 2023-12-10 | N/A | 6.5 MEDIUM |
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system | |||||
CVE-2022-31628 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2023-12-10 | N/A | 5.5 MEDIUM |
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | |||||
CVE-2022-34661 | 1 Siemens | 1 Teamcenter | 2023-12-10 | N/A | 7.5 HIGH |
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition. | |||||
CVE-2022-36313 | 1 File-type Project | 1 File-type | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack. | |||||
CVE-2022-34760 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2023-12-10 | N/A | 7.5 HIGH |
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||
CVE-2022-35166 | 1 Jpeg | 1 Libjpeg | 2023-12-10 | N/A | 5.5 MEDIUM |
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal. | |||||
CVE-2022-3252 | 1 Apple | 1 Swift-nio-extras | 2023-12-10 | N/A | 7.5 HIGH |
Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time. This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data. The issue was found by Vojtech Rylko (https://github.com/vojtarylko) and reported publicly on GitHub. | |||||
CVE-2020-14394 | 3 Fedoraproject, Qemu, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Qemu and 2 more | 2023-12-10 | N/A | 3.2 LOW |
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. |