Total
297 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9144 | 1 Exiv2 | 1 Exiv2 | 2024-08-04 | N/A |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2019-9071 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2024-08-04 | 5.5 Medium |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | ||||
| CVE-2019-8961 | 1 Flexera | 1 Flexnet Publisher | 2024-08-04 | 7.5 High |
| A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition. | ||||
| CVE-2020-36691 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | ||||
| CVE-2020-36375 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36366 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36373 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36367 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36372 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36368 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36369 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36374 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36370 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36371 | 1 Cesanta | 1 Mjs | 2024-08-04 | 5.5 Medium |
| Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-29566 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-08-04 | 5.5 Medium |
| An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability. | ||||
| CVE-2020-28196 | 5 Fedoraproject, Mit, Netapp and 2 more | 13 Fedora, Kerberos 5, Active Iq Unified Manager and 10 more | 2024-08-04 | 7.5 High |
| MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | ||||
| CVE-2020-26882 | 1 Lightbend | 1 Play Framework | 2024-08-04 | 7.5 High |
| In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | ||||
| CVE-2020-26883 | 1 Lightbend | 1 Play Framework | 2024-08-04 | 7.5 High |
| In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | ||||
| CVE-2020-25219 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-04 | 7.5 High |
| url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | ||||
| CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-04 | 7.5 High |
| Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||