Lucene search
+L

1149 matches found

OSV
OSV
added 2016/05/03 2:20 p.m.11 views

SUSE-SU-2016:1204-1 Security update for libxml2

This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore,...

7.5CVSS6.5AI score0.07025EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2016/04/11 12:0 a.m.28 views

libtasn1 -- denial of service parsing malicious DER certificates

GNU Libtasn1 NEWS reports: Fixes to avoid an infinite recursion when decoding without the ASN1DECODEFLAGSTRICTDER flag. Reported by Pascal Cuoq...

5.9CVSS3.7AI score0.29572EPSS
Exploits0References2
OSV
OSV
added 2015/12/02 1:59 a.m.11 views

CVE-2015-8389

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

9.8CVSS9.7AI score
Exploits0References10
OSV
OSV
added 2015/12/02 1:59 a.m.1 views

DEBIAN-CVE-2015-8389

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

9.8CVSS9.3AI score0.03887EPSS
Exploits0References1
CNVD
CNVD
added 2015/12/02 12:0 a.m.4 views

PCRE Denial of Service Vulnerability (CNVD-2015-07884)

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle the '/? :|a|100x...

9.8CVSS9.3AI score0.03887EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/11/19 12:0 a.m.5 views

pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)

PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

7.5CVSS7.4AI score0.04049EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2015/10/30 9:41 a.m.23 views

CVE-2006-6297

Stack consumption vulnerability in the KFILE JPEG kfilejpeg plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service stack consumption via a crafted EXIF section in a JPEG file, which results in an infinite recursio...

5CVSS7.2AI score0.02145EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2015/10/21 12:0 a.m.12 views

The vulnerability of the Internet Information Services software allows a perpetrator to cause service failures.

The Internet Information Services software package contains a vulnerability in the ftpsvc2.dll module, located in the C:\Windows\system32\inetsrv directory. Using this module causes exhaustion of the stack when processing a special command argument “LIST”. This occurs due to a recursive function...

2.6CVSS5.4AI score0.82265EPSS
Exploits9References3Affected Software1
RedHat Linux
RedHat Linux
added 2014/12/09 8:33 p.m.5 views

kernel: udf: Avoid infinite loop when processing indirect ICBs

A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format UDF file system implementation processed indirect Information Control Blocks ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the...

4.7CVSS6.7AI score0.0051EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/10/24 12:0 a.m.37 views

SuSE 11.3 Security Update : perl (SAT Patch Number 9858)

This update fixes a memory leak and an infinite recursion in Data::Dumper. CVE-2014-4330 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc. if...

2.1CVSS7.4AI score0.00554EPSS
Exploits3References4
OSV
OSV
added 2014/10/22 12:23 a.m.8 views

SUSE-RU-2015:0562-1 Security update for perl

This update fixes a memory leak and an infinite recursion in Data::Dumper. CVE-2014-4330 Security Issues: CVE-2014-4330...

2.1CVSS6.2AI score0.00554EPSS
Exploits3References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Linux Kernel 2.6.x NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23677/info The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted. A local attacker may exploit this issue to trigger an infinite-recursion stack-bas...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.21 views

openSUSE Security Update : gpg2 (openSUSE-SU-2013:1546-1)

gpg2 was updated to fix a denial of service attack through infinite recursion in the compressed packet parser bnc844175 CVE-2013-4402. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

5CVSS7.8AI score0.0503EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/03/14 12:0 a.m.42 views

Mandriva Linux Security Advisory : file (MDVSA-2014:051)

Updated file package fixes security vulnerability : It was discovered that file before 5.17 contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally,...

5CVSS8.3AI score0.0507EPSS
Exploits1References4
OSV
OSV
added 2014/02/22 7:10 p.m.18 views

MGASA-2014-0092 Updated file package fixes security vulnerability

It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally, other well-crafted files might result in long...

5CVSS6.2AI score0.0507EPSS
Exploits0References3
Mageia
Mageia
added 2014/02/22 7:10 p.m.52 views

Updated file package fixes security vulnerability

It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally, other well-crafted files might result in long...

5CVSS7.7AI score0.0507EPSS
Exploits0References2
NVD
NVD
added 2014/02/18 7:55 p.m.29 views

CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...

5CVSS6AI score0.0507EPSS
Exploits0References14
OSV
OSV
added 2014/02/18 7:55 p.m.11 views

CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...

6AI score
Exploits0References16
OSV
OSV
added 2014/02/18 7:55 p.m.2 views

DEBIAN-CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...

5CVSS6.6AI score0.0507EPSS
Exploits0References1
CVE
CVE
added 2014/02/18 7:0 p.m.193 views

CVE-2014-1943

CVE-2014-1943 affects the file(1) utility and its libmagic component. A crafted indirect offset value in the file(1) magic can cause context-dependent attackers to trigger infinite recursion, CPU exhaustion, and a crash, i.e., denial of service. The vulnerability is described as applicable to fil...

5CVSS5.5AI score0.0507EPSS
Exploits0References14Affected Software1
Rows per page
Query Builder