Total
579 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1282 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-04-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. | |||||
| CVE-2021-22222 | 3 Debian, Oracle, Wireshark | 5 Debian Linux, Enterprise Manager Ops Center, Instantis Enterprisetrack and 2 more | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2020-14398 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2022-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | |||||
| CVE-2016-5042 | 1 Libdwarf Project | 1 Libdwarf | 2022-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section. | |||||
| CVE-2022-23641 | 1 Discourse | 1 Discourse | 2022-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed. | |||||
| CVE-2018-16845 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2022-02-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | |||||
| CVE-2017-15908 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2022-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | |||||
| CVE-2009-1270 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2022-02-10 | 7.8 HIGH | N/A |
| libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. | |||||
| CVE-2013-2789 | 1 Kepware | 1 Kepserverex | 2022-02-07 | 7.8 HIGH | N/A |
| The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line. | |||||
| CVE-2022-23596 | 1 Junrar Project | 1 Junrar | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible. | |||||
| CVE-2022-23968 | 1 Xerox | 21 Versalink B400, Versalink B405, Versalink B600 and 18 more | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue." | |||||
| CVE-2015-8785 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Real Time Extension | 2022-01-31 | 4.9 MEDIUM | 6.2 MEDIUM |
| The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. | |||||
| CVE-2021-23567 | 1 Colors.js Project | 1 Colors.js | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0 | |||||
| CVE-2021-45445 | 1 Unisys | 1 Clearpath Mcp Tcp\/ip Networking Services | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. | |||||
| CVE-2021-40111 | 1 Apache | 1 James | 2022-01-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. | |||||
| CVE-2021-45257 | 1 Nasm | 1 Netwide Assembler | 2022-01-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. | |||||
| CVE-2021-44924 | 1 Gpac | 1 Gpac | 2021-12-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. | |||||
| CVE-2018-10289 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | |||||
| CVE-2021-20041 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 7.8 HIGH | 7.5 HIGH |
| An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-20270 | 4 Debian, Fedoraproject, Pygments and 1 more | 7 Debian Linux, Fedora, Pygments and 4 more | 2021-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | |||||