5231 matches found
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
PT-2020-6887
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions 1.17.2 and earlier, 1.18.x versions prior to 1.18.3; MySQL Server version 8.0.23 and earlier. Description: The issue is related to unbounded recursion via an ASN.1-encoded Kerberos message due to the lack of a recursion...
The vulnerability of the smb_fdata() function in the tcpdump utility for intercepting and analyzing network traffic allows a hacker to induce a service failure.
The vulnerability in the smb_fdata() function in smbutil.c of tcpdump, the tool for capturing and analyzing network traffic, is caused by uncontrolled recursion. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-2447)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
tcpdump: Resource exhaustion in smb_fdata() function in smbutil.c
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata via recursion...
tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTRSET to be nested as many times as the message can accommodate; however, when a specially crafted packet is parsed by tcpdump, this may lead to stack exhaustion du...
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2020-2360)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : libproxy (EulerOS-SA-2020-2304)
According to the versions of the libproxy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered...
Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
Amazon Linux 2 : libcroco (ALAS-2020-1521)
The version of libcroco installed on the remote host is prior to 0.6.12-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1521 advisory. A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated...
Prototype Pollution
Overview: chart.js provides simple HTML5 charts using the canvas element. Affected versions of this package are vulnerable to Prototype Pollution. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the default options are deep...
The vulnerability of the XACK DNS server, caused by uncontrolled recursion, allows attackers to trigger a service failure.
The vulnerability of the XACK DNS server stems from an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2020-2183)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2020-2184)
The remote host is missing an update for the Huawei EulerOS...
The vulnerability of the glibc library lies in its uncontrolled recursion during the search for matches using a regular expression, which allows an attacker to cause a service failure.
The vulnerability of the glibc library is related to uncontrolled recursion during the search for matches using a regular expression. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...
FreeBSD : libexif -- multiple vulnerabilities (cff0b2e2-0716-11eb-9e5d-08002728f74c)
Release notes: Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others: CVE-2016-6328: fixed integer overflow when parsing maker notes; CVE-2017-7544: fixed buffer overread; CVE-2018-20030: Fix for recursion DoS; CVE-2019-9278: replaced integer overflow checks the compiler could...
Design/Logic Flaw
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox 8...
Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
The Mozilla Foundation Security Advisory describes this flaw as: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-2063)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-2105)
The remote host is missing an update for the Huawei EulerOS...