UBUNTU-CVE-2018-15853

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation...

PT-2019-8041 · Pcre +2 · Pcre +2

Name of the Vulnerable Software and Affected Versions: PCRE version 8.41 Description: The issue is related to a crash overflow in the function match in pcre exec.c due to a self-recursive call. This occurs after compiling and running a pcretest load test proof of concept. It's worth noting that...

CVE-2018-13795

Gravity before 0.5.1 does not support a maximum recursion depth...

CVE-2018-13795

Gravity before 0.5.1 does not support a maximum recursion depth...

Design/Logic Flaw

Gravity before 0.5.1 does not support a maximum recursion depth...

CVE-2018-13795

Gravity before 0.5.1 does not support a maximum recursion depth...

CVE-2018-13795

CVE-2018-13795 affects Gravity prior to 0.5.1. The issue is described as: Gravity before 0.5.1 does not support a maximum recursion depth. Connected sources list Gravity-specific references with this description; no additional technical details (root cause, affected versions beyond the pre-0.5.1 ...

EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial ...

GNU Binutils debug.c File Denial of Service Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A security vulnerability exists in the...

CVE-2018-12700

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2018-12700

Removed by vendor...

MGASA-2018-0290 Updated poppler packages fix security vulnerability

The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 There is a NULL pointer...

Updated poppler packages fix security vulnerability

The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 There is a NULL pointer...

Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2018-0739)

Summary There is a vulnerability in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2018-0739 DESCRIPTION: Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in...

Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM Cognos Metrics Manager.

Summary Vulnerabilities have been addressed in the Libxml2 component of IBM Cognos Metrics Manager. Vulnerability Details CVEID: CVE-2016-4658 DESCRIPTION: The libxml2 library, as used in multiple products, could allow a remote attacker to execute arbitrary code on the system, caused by a memory...

Ubuntu 18.04 LTS : Bind vulnerability (USN-3683-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3683-1 advisory. Andrew Skalski discovered that Bind could incorrectly enable recursion when the allow-recursion setting wasn't specified. This issue could improperly permit...

USN-3683-1 bind9 vulnerability

Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations...

USN-3683-1: Bind vulnerability

Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations...

UBUNTU-CVE-2018-5738

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

WebKit - Use-After-Free when Resuming Generator Exploit

Exploit for multiple platform in category dos / poc !-- In WebKit, resuming a generator is implemented in JavaScript. An internal object property, @generatorState is used to prevent recursion within generators. In GeneratorPrototype.js, the state is checked by calling: var state = email protected...