Total
579 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18455 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. | |||||
| CVE-2019-18817 | 1 Istio | 1 Istio | 2019-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | |||||
| CVE-2010-0207 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2019-11-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | |||||
| CVE-2018-12154 | 1 Intel | 1 Graphics Driver | 2019-10-30 | 2.1 LOW | 5.5 MEDIUM |
| Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access. | |||||
| CVE-2018-5381 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. | |||||
| CVE-2018-1041 | 2 Jboss, Redhat | 3 Jboss-remoting, Jboss Enterprise Application Platform, Linux | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. | |||||
| CVE-2018-14629 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. | |||||
| CVE-2017-2670 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | |||||
| CVE-2017-2646 | 1 Redhat | 1 Keycloak | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks. | |||||
| CVE-2017-13191 | 1 Google | 1 Android | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403. | |||||
| CVE-2017-14339 | 1 Yadifa | 1 Yadifa | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. | |||||
| CVE-2017-18261 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER. | |||||
| CVE-2017-6014 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | |||||
| CVE-2017-6267 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | |||||
| CVE-2017-12995 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). | |||||
| CVE-2017-18238 | 2 Debian, Exempi Project | 2 Debian Linux, Exempi | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. | |||||
| CVE-2017-15602 | 1 Gnu | 1 Libextractor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. | |||||
| CVE-2018-7174 | 1 Xpdfreader | 1 Xpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. | |||||
| CVE-2017-17044 | 1 Xen | 1 Xen | 2019-10-03 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | |||||
| CVE-2017-14929 | 1 Freedesktop | 1 Poppler | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | |||||