Total
253 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13123 | 2 Foxitsoftware, Microsoft | 2 Foxit Reader, Windows | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). | |||||
CVE-2018-4002 | 1 Cujo | 2 Smart Firewall, Smart Firewall Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | |||||
CVE-2018-16300 | 1 Tcpdump | 1 Tcpdump | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. | |||||
CVE-2019-18797 | 1 Sass-lang | 1 Libsass | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. | |||||
CVE-2019-11937 | 1 Facebook | 1 Mcrouter | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | |||||
CVE-2019-19645 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | |||||
CVE-2019-13124 | 2 Foxitsoftware, Microsoft | 2 Foxit Reader, Windows | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2). | |||||
CVE-2019-20334 | 1 Nasm | 1 Netwide Assembler | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | |||||
CVE-2018-16452 | 1 Tcpdump | 1 Tcpdump | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. | |||||
CVE-2019-20198 | 1 Ezxml Project | 1 Ezxml | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | |||||
CVE-2019-17450 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | |||||
CVE-2019-20395 | 1 Cesnet | 1 Libyang | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. | |||||
CVE-2019-18854 | 1 10up | 1 Safe Svg | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring. | |||||
CVE-2018-20822 | 1 Sass-lang | 1 Libsass | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | |||||
CVE-2019-12212 | 1 Freeimage Project | 1 Freeimage | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file. | |||||
CVE-2019-11024 | 1 Libsixel Project | 1 Libsixel | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. | |||||
CVE-2019-11413 | 1 Artifex | 1 Mujs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check. | |||||
CVE-2019-15542 | 1 Ammonia Project | 1 Ammonia | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. | |||||
CVE-2019-16163 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | |||||
CVE-2018-20993 | 1 Yaml-rust Project | 1 Yaml-rust | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. |