Total: 244 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-20819 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-07-21 | 7.5 High |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. | ||||
CVE-2019-20815 | 1 Foxitsoftware | 1 Phantompdf | 2021-07-21 | 7.5 High |
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. | ||||
CVE-2019-8961 | 1 Flexera | 1 Flexnet Publisher | 2021-07-21 | 7.5 High |
A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition. | ||||
CVE-2020-9861 | 1 Apple | 1 Swift | 2021-07-21 | 7.5 High |
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input. | ||||
CVE-2019-9543 | 1 Freedesktop | 1 Poppler | 2021-07-21 | N/A |
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted PDF file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. | ||||
CVE-2021-36154 | 1 Linuxfoundation | 1 Grpc Swift | 2021-07-13 | 7.5 High |
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption. | ||||
CVE-2021-28210 | 1 Tianocore | 1 Edk2 | 2021-06-24 | 7.8 High |
An unlimited recursion in DxeCore in EDK II. | ||||
CVE-2021-27432 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua .net Standard Stack | 2021-06-01 | 7.5 High |
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | ||||
CVE-2021-29615 | 1 Google | 1 Tensorflow | 2021-05-18 | 5.5 Medium |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of [`ParseAttrValue`](https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion by giving in a specially crafted input. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | ||||
CVE-2019-18853 | 1 Imagemagick | 1 Imagemagick | 2021-04-28 | 6.5 Medium |
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | ||||
CVE-2021-21359 | 1 Typo3 | 1 Typo3 | 2021-03-26 | 7.5 High |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1. | ||||
CVE-2020-1898 | 1 Facebook | 1 Hhvm | 2021-03-17 | 7.5 High |
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | ||||
CVE-2021-28040 | 1 Ossec | 1 Ossec | 2021-03-09 | 7.5 High |
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached. | ||||
CVE-2020-26883 | 1 Lightbend | 1 Play Framework | 2020-11-10 | 7.5 High |
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | ||||
CVE-2020-26882 | 1 Lightbend | 1 Play Framework | 2020-11-10 | 7.5 High |
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | ||||
CVE-2019-1010183 | 1 Serde-yaml Project | 1 Serde-yaml | 2020-08-24 | N/A |
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later. | ||||
CVE-2019-11024 | 1 Libsixel Project | 1 Libsixel | 2020-08-24 | N/A |
The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. | ||||
CVE-2018-1158 | 1 Mikrotik | 1 Routeros | 2020-08-24 | N/A |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. | ||||
CVE-2019-1010182 | 1 Yaml-rust Project | 1 Yaml-rust | 2020-08-24 | N/A |
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later. | ||||
CVE-2018-8015 | 1 Apache | 1 Orc | 2020-08-24 | N/A |
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack. |