Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | N/A | 7.5 HIGH |
| Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | |||||
| CVE-2020-20213 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||||
| CVE-2020-1898 | 1 Facebook | 1 Hhvm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2020-18898 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | |||||
| CVE-2020-18392 | 1 Cesanta | 1 Mjs | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-16094 | 2 Claws-mail, Fedoraproject | 2 Claws-mail, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. | |||||
| CVE-2020-15101 | 1 Schokokeks | 1 Freewvs | 2024-11-21 | 4.0 MEDIUM | 2.8 LOW |
| In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1. | |||||
| CVE-2020-13800 | 3 Canonical, Opensuse, Qemu | 3 Ubuntu Linux, Leap, Qemu | 2024-11-21 | 4.9 MEDIUM | 6.0 MEDIUM |
| ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | |||||
| CVE-2020-12825 | 1 Gnome | 1 Libcroco | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | |||||
| CVE-2020-12662 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |||||
| CVE-2020-12243 | 8 Apple, Broadcom, Canonical and 5 more | 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | |||||
| CVE-2020-12100 | 2 Debian, Dovecot | 2 Debian Linux, Dovecot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | |||||
| CVE-2020-10704 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | |||||
| CVE-2020-10089 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother, | |||||
| CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | |||||
| CVE-2019-9192 | 1 Gnu | 1 Glibc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern. | |||||
| CVE-2019-9144 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9143 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9071 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | |||||
| CVE-2019-6293 | 1 Flex Project | 1 Flex | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. | |||||