Total
579 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14372 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. | |||||
| CVE-2019-14442 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-03 | 7.1 HIGH | 6.5 MEDIUM |
| In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
| CVE-2017-7618 | 1 Linux | 1 Linux Kernel | 2023-02-14 | 7.8 HIGH | 7.5 HIGH |
| crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. | |||||
| CVE-2010-3880 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-13 | 4.9 MEDIUM | N/A |
| net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. | |||||
| CVE-2011-4621 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. | |||||
| CVE-2009-2906 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-02-13 | 4.0 MEDIUM | N/A |
| smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. | |||||
| CVE-2011-2213 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Aus, Enterprise Linux Desktop and 3 more | 2023-02-13 | 4.9 MEDIUM | N/A |
| The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. | |||||
| CVE-2014-0148 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2023-02-13 | N/A | 5.5 MEDIUM |
| Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. | |||||
| CVE-2021-3416 | 4 Debian, Fedoraproject, Qemu and 1 more | 4 Debian Linux, Fedora, Qemu and 1 more | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. | |||||
| CVE-2019-3833 | 3 Fedoraproject, Opensuse, Openwsman Project | 3 Fedora, Leap, Openwsman | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. | |||||
| CVE-2017-7542 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | |||||
| CVE-2016-9581 | 1 Uclouvain | 1 Openjpeg | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. | |||||
| CVE-2016-8910 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | |||||
| CVE-2016-8909 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. | |||||
| CVE-2016-7908 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
| The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | |||||
| CVE-2016-1981 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. | |||||
| CVE-2015-8558 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. | |||||
| CVE-2021-20257 | 4 Debian, Fedoraproject, Qemu and 1 more | 8 Debian Linux, Fedora, Qemu and 5 more | 2023-02-12 | 2.1 LOW | 6.5 MEDIUM |
| An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2023-23617 | 1 Openmage | 1 Magento | 2023-02-07 | N/A | 7.5 HIGH |
| OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. | |||||
| CVE-2019-17349 | 2 Debian, Xen | 2 Debian Linux, Xen | 2023-02-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | |||||