Total
261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14861 | 1 Exiv2 | 1 Exiv2 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-8537 | 1 Microsoft | 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. | |||||
| CVE-2017-8536 | 1 Microsoft | 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | |||||
| CVE-2017-10910 | 1 Mqtt.js Project | 1 Mqtt.js | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. | |||||
| CVE-2024-32609 | 1 Hdfgroup | 1 Hdf5 | 2025-04-18 | N/A | 7.5 HIGH |
| HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. | |||||
| CVE-2025-43708 | 2025-04-17 | N/A | 3.3 LOW | ||
| VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue. | |||||
| CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 14 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 11 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | |||||
| CVE-2025-32387 | 2025-04-11 | N/A | 6.5 MEDIUM | ||
| Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3. | |||||
| CVE-2025-1492 | 1 Wireshark | 1 Wireshark | 2025-04-10 | N/A | 7.8 HIGH |
| Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2022-47662 | 1 Gpac | 1 Gpac | 2025-04-10 | N/A | 5.5 MEDIUM |
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 | |||||
| CVE-2023-29001 | 1 Contiki-ng | 1 Contiki-ng | 2025-04-10 | N/A | 7.5 HIGH |
| Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. There are no known workarounds for this vulnerability. | |||||
| CVE-2007-3409 | 3 Canonical, Debian, Net-dns | 3 Ubuntu Linux, Debian Linux, Net\ | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
| Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | |||||
| CVE-2007-1285 | 5 Canonical, Novell, Php and 2 more | 7 Ubuntu Linux, Suse Linux, Php and 4 more | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | |||||
| CVE-2023-22617 | 1 Powerdns | 1 Recursor | 2025-04-03 | N/A | 7.5 HIGH |
| A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1. | |||||
| CVE-2022-37034 | 1 Dotcms | 1 Dotcms | 2025-03-27 | N/A | 5.3 MEDIUM |
| In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. | |||||
| CVE-2024-58103 | 2025-03-16 | N/A | 5.8 MEDIUM | ||
| Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt. | |||||
| CVE-2024-58102 | 2025-03-11 | N/A | 5.7 MEDIUM | ||
| An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions. | |||||
| CVE-2021-36395 | 1 Moodle | 1 Moodle | 2025-03-07 | N/A | 7.5 HIGH |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | |||||
| CVE-2020-36691 | 1 Linux | 1 Linux Kernel | 2025-02-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | |||||
| CVE-2024-57257 | 2025-02-19 | N/A | 2.0 LOW | ||
| A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. | |||||