58 matches found
USN-7743-1: libxml2 vulnerability
Nikita Sveshnikov discovered that libxml2 incorrectly handled recursion when processing XPath expressions. An attacker could possibly use this issue to cause a denial of service...
PT-2025-32694 · Intel · Tinycbor
Name of the Vulnerable Software and Affected Versions: TinyCBOR versions prior to 0.6.1. Description: An uncontrolled recursion issue in some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...
CVE-2025-53012
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsin...
USN-7552-1 wireshark vulnerabilities
It was discovered that Wireshark did not correctly handle recursion. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...
CVE-2024-2965
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...
CVE-2025-37917
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll. Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock and spin_unlock in mtk_star_emac driver to avoid spinlock recursion occurrence that can happe...
CVE-2025-0649 Stack Exhaustion In Tensorflow Serving
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...
Denial Of Service (DoS)
org.elasticsearch, elasticsearch is vulnerable to a Denial of Service (DoS). The vulnerability is due to a large recursion issue caused by the innerForbidCircularReferences function of the PatternBank class, which allows a user with the read_pipeline privilege to crash the node...
CVE-2024-52980
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to the...
CVE-2024-52981
CVE-2024-52981 affects Elasticsearch: a recursive parser for Well-Known Text (WKT) with nested GeometryCollection objects can trigger a stack overflow, leading to DoS. Affected: Elasticsearch 7.17.0–7.17.23 and 8.0–8.15.0. Fixed in 7.17.24 and 8.15.1 or newer. CVSS/NVD indicates high impact on av...
CVE-2024-52980
CVE-2024-52980 refers to an Elasticsearch vulnerability where a large recursion in the PatternBank.innerForbidCircularReferences function can crash a node. The issue requires a user with read_pipeline cluster privilege to trigger the condition, making it a resource-exhaustion risk (availability l...
DEBIAN-CVE-2023-52986
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener. A listening socket linked to a sockmap has its sk_prot overridden. It points to one of the struct proto variants in tcp_bpf_prots. The variant depends on the socket'...
Linux Distros Unpatched Vulnerability : CVE-2023-1436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads...
CVE-2024-44996
In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls. After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg. Thus the following recursion could happen: vsock_bpf_recvmsg -> __vsock_recvmsg ->...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a recursion issue in the ACPI notification handler...
SUSE CVE-2005-2302
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion...
SUSE CVE-2022-1771
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975...
SUSE-SU-2022:3493-1 Security update for libcroco
This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685)...
PT-2025-18481
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, which prevented bpf program recursion for raw tracepoint probes. The issue was caused by a bpf program attached to the contention...