Total
590 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23596 | 1 Junrar Project | 1 Junrar | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible. | |||||
| CVE-2022-23968 | 1 Xerox | 21 Versalink B400, Versalink B405, Versalink B600 and 18 more | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue." | |||||
| CVE-2015-8785 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Real Time Extension | 2022-01-31 | 4.9 MEDIUM | 6.2 MEDIUM |
| The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. | |||||
| CVE-2021-23567 | 1 Colors.js Project | 1 Colors.js | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0 | |||||
| CVE-2021-45445 | 1 Unisys | 1 Clearpath Mcp Tcp\/ip Networking Services | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. | |||||
| CVE-2021-40111 | 1 Apache | 1 James | 2022-01-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. | |||||
| CVE-2021-45257 | 1 Nasm | 1 Netwide Assembler | 2022-01-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. | |||||
| CVE-2021-44924 | 1 Gpac | 1 Gpac | 2021-12-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. | |||||
| CVE-2018-10289 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | |||||
| CVE-2021-20041 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 7.8 HIGH | 7.5 HIGH |
| An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-20270 | 4 Debian, Fedoraproject, Pygments and 1 more | 7 Debian Linux, Fedora, Pygments and 4 more | 2021-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | |||||
| CVE-2018-20482 | 3 Debian, Gnu, Opensuse | 3 Debian Linux, Tar, Leap | 2021-11-30 | 1.9 LOW | 4.7 MEDIUM |
| GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). | |||||
| CVE-2015-5278 | 4 Arista, Canonical, Fedoraproject and 1 more | 4 Eos, Ubuntu Linux, Fedora and 1 more | 2021-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | |||||
| CVE-2020-23566 | 1 Irfanview | 1 Irfanview | 2021-11-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8. | |||||
| CVE-2021-31363 | 1 Juniper | 2 Junos, Junos Os Evolved | 2021-10-25 | 3.3 LOW | 6.5 MEDIUM |
| In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO. | |||||
| CVE-2021-42040 | 1 Mediawiki | 1 Mediawiki | 2021-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion. | |||||
| CVE-2021-42084 | 1 Zammad | 1 Zammad | 2021-10-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service. | |||||
| CVE-2021-37146 | 1 Ros | 1 Ros-comm | 2021-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call. | |||||
| CVE-2021-29365 | 1 Irfanview | 1 Irfanview | 2021-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS). | |||||
| CVE-2021-1914 | 1 Qualcomm | 310 Apq8009, Apq8009 Firmware, Apq8009w and 307 more | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||