Total
818 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-36990 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 6.5 Medium |
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service. | ||||
CVE-2024-6614 | | | 2024-10-29 | 4.3 Medium |
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
CVE-2021-33294 | 1 Elfutils Project | 1 Elfutils | 2024-10-28 | 5.5 Medium |
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file. | ||||
CVE-2023-37748 | 1 Miniupnp Project | 1 Ngiflib | 2024-10-28 | 5.5 Medium |
ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. | ||||
CVE-2023-33305 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiweb | 2024-10-22 | 4.9 Medium |
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows an attacker to perform a denial of service via specially crafted HTTP requests. | ||||
CVE-2011-1142 | 1 Wireshark | 1 Wireshark | 2024-10-21 | 7.5 High |
Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values. | ||||
CVE-2016-6817 | 1 Apache | 1 Tomcat | 2024-10-15 | 7.5 High |
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. | ||||
CVE-2023-45363 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-10-15 | 7.5 High |
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. | ||||
CVE-2024-45506 | 1 Haproxy | 1 Haproxy | 2024-10-14 | 7.5 High |
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024. | ||||
CVE-2024-8088 | 2 Python Software Foundation, Redhat | 2 Cpython, Enterprise Linux | 2024-10-11 | 5.3 Medium |
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. | ||||
CVE-2023-4540 | 1 Daurnimator | 1 Lua-http | 2024-10-10 | 7.5 High |
Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283. | ||||
CVE-2020-24221 | 1 Miniupnp Project | 1 Ngiflib | 2024-10-09 | 5.5 Medium |
An issue discovered in the GetByte function in miniupnp ngiflib version 0.4 allows local attackers to cause a denial of service (DoS) via a crafted .gif file (infinite loop). | ||||
CVE-2020-35139 | 1 Facuet | 1 Ryu | 2024-10-09 | 7.5 High |
An issue discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34 allows remote attackers to cause a denial of service (DoS) (infinite loop). | ||||
CVE-2020-35141 | 1 Facuet | 1 Ryu | 2024-10-09 | 7.5 High |
An issue discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34 allows remote attackers to cause a denial of service (DoS) (infinite loop). | ||||
CVE-2020-36023 | 1 Freedesktop | 1 Poppler | 2024-10-09 | 6.5 Medium |
An issue discovered in freedesktop poppler version 20.12.1 allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::cvtGlyph function. | ||||
CVE-2023-30188 | 1 Onlyoffice | 1 Document Server | 2024-10-09 | 7.5 High |
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via a crafted JavaScript file. | ||||
CVE-2023-5825 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 6.5 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. | ||||
CVE-2024-0211 | 1 Wireshark | 1 Wireshark | 2024-10-08 | 7.8 High |
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. | ||||
CVE-2022-40090 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-10-03 | 6.5 Medium |
An issue discovered in the function TIFFReadDirectory in libtiff before 4.4.0 allows attackers to cause a denial of service via a crafted TIFF file. | ||||
CVE-2022-48522 | 1 Perl | 1 Perl | 2024-10-03 | 9.8 Critical |
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. |