Total
253 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-9918 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. | |||||
CVE-2018-5772 | 1 Exiv2 | 1 Exiv2 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. | |||||
CVE-2018-11597 | 1 Espruino | 1 Espruino | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c. | |||||
CVE-2018-11254 | 1 Podofo Project | 1 Podofo | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054. | |||||
CVE-2016-10707 | 1 Jquery | 1 Jquery | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit. | |||||
CVE-2018-9996 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. | |||||
CVE-2018-1000618 | 1 Eosio Project | 1 Eos | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d . | |||||
CVE-2018-0739 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). | |||||
CVE-2017-7515 | 1 Freedesktop | 1 Poppler | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | |||||
CVE-2017-12964 | 1 Libsass | 1 Libsass | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | |||||
CVE-2017-9304 | 1 Virustotal | 1 Yara | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | |||||
CVE-2017-9766 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | |||||
CVE-2017-8537 | 1 Microsoft | 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. | |||||
CVE-2017-8539 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | |||||
CVE-2017-8542 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | |||||
CVE-2017-9616 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. | |||||
CVE-2017-0692 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407. | |||||
CVE-2017-11164 | 1 Pcre | 1 Pcre | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. | |||||
CVE-2017-8536 | 1 Microsoft | 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | |||||
CVE-2017-9729 | 1 Uclibc | 1 Uclibc | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. |