1145 matches found
Astra Linux – Vulnerability in libxml2
A flaw was discovered in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function, where an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by...
Astra Linux – Vulnerability in Qemu
A stack overflow due to an infinite recursion vulnerability was detected in the eepro100 i8255x device emulator of QEMU. This issue occurs during the processing of controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or cause the QEMU...
Astra Linux – Vulnerability in libxml2
The parser.c file in libxml2 before version 2.9.5 does not prevent infinite recursion in parameter entities...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a potential security issue involving infinite recursion in the MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 addresses this issue...
Astra Linux – Vulnerability in SQLite3
In SQLite, from version 3.30.1 onwards, alter.c allows attackers to trigger infinite recursion through certain types of self-referential views in conjunction with ALTER TABLE statements...
Astra Linux – Vulnerability in Poppler
A issue with the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause infinite recursion by providing a crafted PDF file. This can lead to a Denial of Service DoS attack...
Astra Linux – Vulnerability in binutils
A vulnerability was discovered in cp-demangle.c within GNU libiberty, as part of the GNU Binutils 2.31 package. This vulnerability stems from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could exploit this vulnerability to cause a...
Siemens Ruggedcom Rox Uncontrolled Recursion (CVE-2019-13103)
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. This plugin only works with Tenable.ot. Please visit...
CVE-2025-7005 Avast antivirus infinite recursion when scanning a malformed PE file
Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for vir...
CVE-2025-7005 Avast antivirus infinite recursion when scanning a malformed PE file
Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for vir...
CVE-2025-7005
CVE-2025-7005 describes an uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file, potentially causing denial-of-service of the antivirus process. Affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business A...
EulerOS Virtualization 2.10.1 : libxml2 (EulerOS-SA-2026-2028)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not...
EulerOS Virtualization 2.10.0 : libxml2 (EulerOS-SA-2026-2055)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not...
RHEL 7 : libxml2 (RHSA-2026:22420)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22420 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite...
CVE-2026-49941
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...
Denial Of Service (DoS)
Spring Cloud Function is vulnerable to Denial of Service DoS. The vulnerability is due to infinite recursion in the routing layer, where specially crafted routing configurations or requests can trigger unbounded recursive processing, leading to excessive memory consumption and potentially causing...
EUVD-2026-34298
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...
CVE-2026-49941 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...
CVE-2026-49941 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...
Strawberry GraphQL has a Circular Fragment Reference DOS
Summary The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth function enters an infinite recursion, leading to a RecursionError and crashing the...