1056 matches found
CVE-2021-3997
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp...
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Summary The version used of Log4j, the library used for logging by PowerNukkit, is subject to a remote code execution vulnerability via the ldap JNDI parser. It's well detailed at CVE-2021-44228 and CVE-2021-45105 https://github.com/advisories/GHSA-p6xc-xr62-6r2g. Impact Malicious client code coul...
Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale (CVE-2021-45105, CVE-2021-45046)
Summary Multiple vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system because the library is used by the Graphical User Interface (GUI) of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45105)
Summary Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45105). Customers are encouraged to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...
BSA-2021-1655
Security Advisory ID : BSA-2021-1655 Component : Apache Log4j StrSubstitutor Revision : 1.0 Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layo...
MGASA-2021-0572 Updated log4j packages fix security vulnerability
Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is...
Exploit for Improper Input Validation in Apache Log4J
tejas-nagchandi/CVE-2021-45105 Replicating CVE-2021-45105...
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validatio...
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in...
Denial Of Service
wireshark:sid is vulnerable to denial of service attacks. Uncontrolled Recursion in the Bluetooth DHT dissector allows denial of service via packet injection or crafted capture file...
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
...
Design/Logic Flaw
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...
CVE-2021-39929
CVE-2021-39929 affects the Bluetooth DHT dissector in Wireshark, causing Denial of Service via packet injections or crafted capture files for Wireshark 3.4.0–3.4.9 and 3.2.0–3.2.17 due to uncontrolled recursion. Remediation is upgrading Wireshark to a fixed version (e.g., 3.4.10+ per Debian/Alt L...
PT-2021-5595 · Wireshark +5
Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.2.0 through 3.2.17 Wireshark versions 3.4.0 through 3.4.9 Description: The issue is caused by uncontrolled recursion in the Bluetooth DHT dissector. This can be exploited by a remote attacker to cause a denial of service ...
F5 Networks BIG-IP : cURL vulnerability (K61186963)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by a vulnerability as referenced in the K61186963 advisory. curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP...
NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2021-0095)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allo...
ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendors: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerability: Uncontrolled Recursion 2. RISK EVALUATION Successful exploitation of this vulnerability could...