Total
246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27432 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua .net Standard Stack | 2021-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||||
| CVE-2021-29615 | 1 Google | 1 Tensorflow | 2021-05-18 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion by giving in a specially crafted input. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2019-18853 | 1 Imagemagick | 1 Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | |||||
| CVE-2021-21359 | 1 Typo3 | 1 Typo3 | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1. | |||||
| CVE-2020-1898 | 1 Facebook | 1 Hhvm | 2021-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2021-28040 | 1 Ossec | 1 Ossec | 2021-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached. | |||||
| CVE-2020-26883 | 1 Lightbend | 1 Play Framework | 2020-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | |||||
| CVE-2020-26882 | 1 Lightbend | 1 Play Framework | 2020-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | |||||
| CVE-2019-6292 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file. | |||||
| CVE-2019-1010182 | 1 Yaml-rust Project | 1 Yaml-rust | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later. | |||||
| CVE-2019-16088 | 1 Glyphandcog | 1 Xpdfreader | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | |||||
| CVE-2018-1000618 | 1 Eosio Project | 1 Eos | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d . | |||||
| CVE-2019-20334 | 1 Nasm | 1 Netwide Assembler | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | |||||
| CVE-2019-11024 | 1 Libsixel Project | 1 Libsixel | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. | |||||
| CVE-2019-13288 | 1 Glyphandcog | 1 Xpdfreader | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. | |||||
| CVE-2019-20198 | 1 Ezxml Project | 1 Ezxml | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | |||||
| CVE-2019-11937 | 1 Facebook | 1 Mcrouter | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | |||||
| CVE-2019-1010183 | 1 Serde-yaml Project | 1 Serde-yaml | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later. | |||||
| CVE-2019-13129 | 1 Motorola | 2 Cx2l Mwr04l, Cx2l Mwr04l Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. | |||||
| CVE-2019-6290 | 1 Nasm | 1 Netwide Assembler | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. | |||||