CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2023-03-20
Waiting for details
CVE-2023-26513

Updating...
 

 
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.

 
2022-02-18
Low
CVE-2022-0585

Vendor: Wireshark
Software: Wireshark
 

 
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file

 
2021-12-08
Low
CVE-2021-43545

Vendor: Mozilla
Software: Firefox
 

 
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

 
2021-11-19
Medium
CVE-2021-39924

Vendor: Wireshark
Software: Wireshark
 

 
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

 
2021-09-09
Waiting for details
CVE-2021-39204

Updating...
 

 
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.

 
2021-08-24
Medium
CVE-2021-32778

Vendor: Envoyproxy
Software: Envoy
 

 
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy's procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 streams for upstream and downstream peers to a low number, i.e. 100.

 
2021-03-20
Low
CVE-2021-28950

Vendor: Linux
Software: Linux kernel
 

 
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

 
2021-03-19
Low
CVE-2021-27807

Vendor: Apache
Software: Pdfbox
 

 
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

 
2020-11-23
Low
CVE-2018-20805

Vendor: Mongodb
Software: Mongodb
 

 
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.

 
2018-10-25
Low
CVE-2018-18651

Vendor: Xpdfreader
Software: XPDF
 

 
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.

 

 


Copyright 2024, cxsecurity.com

 
