11152 matches found
PT-2024-37355 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master. Description: A problematic issue has been found, affecting the isoffin_process function of the src/filters/isoffin_read.c file in the MP4Box component. This issue leads to an infinite loop. The...
GPAC Security Vulnerabilities
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.5-DEV-rev228-g11067ea92-master. An attacker exploited the vulnerability to cause an infinite loop in the application...
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...
RLSA-2024:3049 Moderate: perl-Convert-ASN1 security update
Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fixes: perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
perl-Convert-ASN1 security update
An update is available for perl-Convert-ASN1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Convert::ASN1 encodes and decodes ASN.1 data structures using BER/D...
CVE-2024-32976
A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of service...
Fortinet FortiClient in OpenSSL library (FG-IR-22-059)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
CVE-2024-5949
Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit th...
CVE-2024-5949 Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability
Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit th...
CVE-2024-5949
CVE-2024-5949 affects Deep Sea Electronics DSE855 devices. The flaw is in the handling of multipart boundaries, caused by a logic error that can trigger an infinite loop, enabling network-adjacent attackers to perform a denial-of-service. Authentication is not required. The available connected so...
A vulnerability in the QEMU hardware emulation software, related to a loop with an unreachable exit condition, allows an attacker to trigger a service failure.
The vulnerability in the QEMU hardware emulator is related to an infinite loop error in the emulation of the USB xHCI controller during the calculation of the TRB ring length. Exploiting this vulnerability can allow an attacker to cause a system failure...
Deep Sea Electronics DSE855 Security Vulnerability
The Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 that stems from a specific flaw in the handling of multi-part boundaries that could lead to an infinite loop logic error, whi...
PT-2024-37263 · Deep Sea Electronics · Dse855
Name of the Vulnerable Software and Affected Versions: Deep Sea Electronics DSE855 (affected versions not specified). Description: This issue allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. The specific flaw...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
Siemens TIM 1531 IRC Infinite Loop Vulnerability
The TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300. An infinite loop vulnerability exists in the Siemens TIM 1531 IRC, which can be exploited by an authenticated, remote attacker to create a denial of service condition by importing a specially crafted PKCS12 container...
Medium: cri-tools
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
Amazon Linux 2 : cri-tools (ALAS-2024-2568)
The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
golang: net: malformed DNS message can cause infinite loop
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions...
ROS-20240611-14
The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block (TRB) ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in th...