Total
551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35724 | 1 Apache | 1 Avro | 2023-12-10 | N/A | 7.5 HIGH |
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | |||||
CVE-2014-0148 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2023-12-10 | N/A | 5.5 MEDIUM |
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. | |||||
CVE-2022-35165 | 1 Axiosys | 1 Bento4 | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input. | |||||
CVE-2022-33239 | 1 Qualcomm | 468 Apq8009, Apq8009 Firmware, Apq8017 and 465 more | 2023-12-10 | N/A | 7.5 HIGH |
Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2021-37819 | 1 Pdftk-java Project | 1 Pdftk-java | 2023-12-10 | N/A | 7.5 HIGH |
PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java. | |||||
CVE-2022-32058 | 1 Tp-link | 4 Tl-wr741n, Tl-wr741n Firmware, Tl-wr742n and 1 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
CVE-2022-34862 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2023-12-10 | N/A | 7.5 HIGH |
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2021-46828 | 2 Debian, Libtirpc Project | 2 Debian Linux, Libtirpc | 2023-12-10 | N/A | 7.5 HIGH |
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. | |||||
CVE-2021-20257 | 4 Debian, Fedoraproject, Qemu and 1 more | 8 Debian Linux, Fedora, Qemu and 5 more | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-40592 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. | |||||
CVE-2022-25851 | 1 Jpeg-js Project | 1 Jpeg-js | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return. | |||||
CVE-2022-29190 | 1 Pion | 1 Dtls | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. | |||||
CVE-2022-21159 | 1 Mz-automation | 1 Libiec61850 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability. | |||||
CVE-2022-23641 | 1 Discourse | 1 Discourse | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed. | |||||
CVE-2022-0711 | 3 Debian, Haproxy, Redhat | 5 Debian Linux, Haproxy, Enterprise Linux and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | |||||
CVE-2022-0586 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-23352 | 1 Bigantsoft | 1 Bigant Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). | |||||
CVE-2022-29028 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
CVE-2022-24792 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. | |||||
CVE-2022-24859 | 2 Debian, Pypdf2 Project | 2 Debian Linux, Pypdf2 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream. |