
180 matches found

Cvelist
added 2021/12/18 11:55 a.m., 31 views

CVE-2021-45105 Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

7.2 AI score, 0.99999 EPSS
Exploits 20, References 13

Microsoft CVE
added 2021/12/01 8:0 a.m., 4 views

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

...

6.5 CVSS, 7 AI score, 0.0166 EPSS
Exploits 0

Cvelist
added 2021/08/10 5:16 p.m., 14 views

CVE-2021-38380

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. An attacker can leverage this to launch a DoS attack...

7.8 AI score, 0.01532 EPSS
Exploits 1, References 2

NVD
added 2021/07/26 12:15 p.m., 18 views

CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...

6.5 CVSS, 0.0166 EPSS
Exploits 0, References 3

UbuntuCve
added 2021/07/26 12:15 p.m., 18 views

CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...

6.5 CVSS, 7 AI score, 0.0166 EPSS
Exploits 0, References 1

Cvelist
added 2021/07/26 11:48 a.m., 22 views

CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...

6.8 AI score, 0.0166 EPSS
Exploits 0, References 3

RedHat Linux
added 2021/05/18 2:23 p.m., 40 views

Moderate: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5 CVSS, 6.8 AI score, 0.04365 EPSS
Exploits 0, References 7

OSV
added 2021/04/20 5:8 p.m., 7 views

USN-4923-1 edk2 vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210) Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...

7.8 CVSS, 6.7 AI score, 0.00399 EPSS
Exploits 2, References 3

Prion
added 2021/03/09 8:15 p.m., 25 views

Stack overflow

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the hos...

2.1 CVSS, 5.3 AI score, 0.00411 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2021/03/05 6:15 p.m., 13 views

CVE-2021-28040

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in osxml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached...

7.5 CVSS, 6.8 AI score
Exploits 0, References 1

Prion
added 2021/03/05 6:15 p.m., 14 views

Design/Logic Flaw

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in osxml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached...

5 CVSS, 7.5 AI score, 0.01192 EPSS
Exploits 1, References 1, Affected Software 1

OpenVAS
added 2021/03/05 12:0 a.m., 21 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-1410)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS, 7.8 AI score, 0.09917 EPSS
Exploits 1, References 2

RedHat Linux
added 2021/02/10 4:39 p.m., 3 views

dotnet: certificate chain building recursion Denial of Service

A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...

6.5 CVSS, 5.8 AI score, 0.0334 EPSS
Exploits 0, References 6

Microsoft CVE
added 2020/08/18 12:0 a.m., 4 views

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

...

6 CVSS, 7 AI score, 0.00486 EPSS
Exploits 0

CNVD
added 2020/01/02 12:0 a.m., 2 views

ezXML Stack Overflow Vulnerability

ezXML is a C library for parsing XML documents. A stack overflow vulnerability exists in ezXML. The vulnerability stems from the ezxml_ent_ok function not handling recursion correctly. An attacker could exploit this vulnerability via a specially crafted XML file to cause a denial of service...

6.5 CVSS, 7 AI score, 0.01169 EPSS
Exploits 1, References 1

NVD
added 2019/11/06 4:15 p.m., 25 views

CVE-2019-18797

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp...

6.5 CVSS, 7.1 AI score, 0.01512 EPSS
Exploits 1, References 1

Debian CVE
added 2019/11/06 3:7 p.m., 24 views

CVE-2019-18797

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp...

6.5 CVSS, 8 AI score, 0.01512 EPSS
Exploits 1

Vulnrichment
added 2019/10/03 3:58 p.m., 2 views

CVE-2018-16452

The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion...

6.8 AI score, 0.04122 EPSS
Exploits 0, References 16

OSV
added 2019/04/23 2:29 p.m., 1 views

UBUNTU-CVE-2018-20821

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp)...

6.5 CVSS, 7.3 AI score, 0.02218 EPSS
Exploits 1, References 2

OSV
added 2018/10/06 2:29 p.m., 2 views

DEBIAN-CVE-2018-18020

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file...

3.3 CVSS, 6.8 AI score, 0.01281 EPSS
Exploits 1, References 1