Total
256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11164 | 1 Pcre | 1 Pcre | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. | |||||
| CVE-2019-1003011 | 2 Jenkins, Redhat | 2 Token Macro, Openshift Container Platform | 2023-10-25 | 5.5 MEDIUM | 8.1 HIGH |
| An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation. | |||||
| CVE-2019-18854 | 1 10up | 1 Safe Svg | 2023-10-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring. | |||||
| CVE-2021-27434 | 2 Microsoft, Unified-automation | 2 .net Framework, .net Based Opc Ua Client\/server Sdk | 2023-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||||
| CVE-2022-48545 | 1 Xpdfreader | 1 Xpdf | 2023-08-28 | N/A | 5.5 MEDIUM |
| An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. | |||||
| CVE-2022-28773 | 1 Sap | 2 Netweaver, Web Dispatcher | 2023-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | |||||
| CVE-2022-24921 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Astra Trident | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | |||||
| CVE-2021-45832 | 1 Hdfgroup | 1 Hdf5 | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent). | |||||
| CVE-2021-46505 | 1 Jsish | 1 Jsish | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. | |||||
| CVE-2021-46509 | 1 Cesanta | 1 Mjs | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. | |||||
| CVE-2022-20382 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.7 MEDIUM |
| In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-214245176References: Upstream kernel | |||||
| CVE-2021-41752 | 1 Jerryscript | 1 Jerryscript | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. | |||||
| CVE-2021-46507 | 1 Jsish | 1 Jsish | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. | |||||
| CVE-2023-24472 | 1 Openimageio | 1 Openimageio | 2023-08-07 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2022-21708 | 1 Graphql-go Project | 1 Graphql-go | 2023-07-24 | 3.5 LOW | 6.5 MEDIUM |
| graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended. | |||||
| CVE-2022-31173 | 1 Juniper Project | 1 Juniper | 2023-07-24 | N/A | 7.5 HIGH |
| Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually. | |||||
| CVE-2022-40150 | 2 Debian, Jettison Project | 2 Debian Linux, Jettison | 2023-07-13 | N/A | 7.5 HIGH |
| Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack. | |||||
| CVE-2022-23460 | 1 Json\+\+ Project | 1 Json\+\+ | 2023-07-13 | N/A | 7.5 HIGH |
| Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement. | |||||
| CVE-2023-2990 | 1 Globalscape | 1 Eft Server | 2023-06-30 | N/A | 7.5 HIGH |
| Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service | |||||
| CVE-2022-3216 | 1 Nintendo | 2 Game Boy Color, Game Boy Color Firmware | 2023-06-29 | N/A | 8.8 HIGH |
| A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This vulnerability affects unknown code of the component Mobile Adapter GB. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-208606 is the identifier assigned to this vulnerability. | |||||