8 matches found
PT-2026-40359
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...
github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...
SUSE ovmf 安全漏洞
SUSE ovmf is a firmware from SUSE Germany. It is used to support virtual machines for UEFI. A security vulnerability exists in SUSE ovmf that stems from unrestricted FV recursion...
OSSEC 安全漏洞
Scott R. Shinn OSSEC is Scott R. Shinn an open source application. OSSEC provides a simple, powerful and open source solution that combines all aspects of HIDS Host Based Intrusion Detection, log monitoring and SIM,SIEM. A security vulnerability exists in OSSEC 3.6.0, which stems from the...
file: unrestricted recursion in handling of indirect type rules
A denial of service flaw was found in the way the File Information fileinfo extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU...
Oracle Linux 5 / 6 : php53 / and / php (ELSA-2014-1012)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1012 advisory. - core: type confusion issue in phpinfo. CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-base...
file: unrestricted recursion in handling of indirect type rules
A denial of service flaw was found in the way the File Information fileinfo extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU...