ReportizFlow
Filtered by vendor
Subscriptions
Total
302 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21232 | 1 Re2c | 1 Re2c | 2024-11-21 | 5.5 Medium |
| re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. | ||||
| CVE-2018-20994 | 1 Trust-dns-proto Project | 1 Trust-dns-proto | 2024-11-21 | N/A |
| An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. | ||||
| CVE-2018-20993 | 1 Yaml-rust Project | 1 Yaml-rust | 2024-11-21 | N/A |
| An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. | ||||
| CVE-2018-20822 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 6.5 Medium |
| LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | ||||
| CVE-2018-20821 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 6.5 Medium |
| The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | ||||
| CVE-2018-20796 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | N/A |
| In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. | ||||
| CVE-2018-20030 | 1 Libexif Project | 1 Libexif | 2024-11-21 | N/A |
| An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | ||||
| CVE-2018-1158 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A |
| Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. | ||||
| CVE-2018-19218 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. | ||||
| CVE-2018-18484 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. | ||||
| CVE-2018-18020 | 1 Qpdf Project | 1 Qpdf | 2024-11-21 | N/A |
| In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file. | ||||
| CVE-2018-16452 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2024-11-21 | 7.5 High |
| The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. | ||||
| CVE-2018-16426 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | N/A |
| Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. | ||||
| CVE-2018-16300 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2024-11-21 | 7.5 High |
| The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. | ||||
| CVE-2018-15853 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | ||||
| CVE-2018-11797 | 4 Apache, Fedoraproject, Oracle and 1 more | 4 Pdfbox, Fedora, Retail Xstore Point Of Service and 1 more | 2024-11-21 | 5.5 Medium |
| In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. | ||||
| CVE-2018-11597 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c. | ||||
| CVE-2018-11254 | 1 Podofo Project | 1 Podofo | 2024-11-21 | N/A |
| An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054. | ||||
| CVE-2018-1000618 | 1 Eosio Project | 1 Eos | 2024-11-21 | N/A |
| EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d . | ||||
| CVE-2018-0739 | 4 Canonical, Debian, Openssl and 1 more | 6 Ubuntu Linux, Debian Linux, Openssl and 3 more | 2024-11-21 | N/A |
| Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). | ||||