Total
859 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20999 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246750467 | ||||
| CVE-2023-20998 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936 | ||||
| CVE-2023-20997 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702 | ||||
| CVE-2023-20996 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749764 | ||||
| CVE-2022-37013 | 1 Unified-automation | 1 Opc Ua C\+\+ Demo Server | 2025-02-18 | 7.5 High |
| This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203. | ||||
| CVE-2024-2757 | 2025-02-13 | 7.5 High | ||
| In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. | ||||
| CVE-2024-25710 | 2 Apache, Redhat | 10 Commons Compress, Amq Broker, Amq Streams and 7 more | 2025-02-13 | 8.1 High |
| Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | ||||
| CVE-2024-30251 | 2 Aio-libs Project, Redhat | 3 Aiohttp, Ansible Automation Platform, Rhui | 2025-02-13 | 7.5 High |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions. | ||||
| CVE-2024-24788 | 1 Redhat | 14 Ansible Automation Platform, Cost Management, Cryostat and 11 more | 2025-02-13 | 5.9 Medium |
| A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | ||||
| CVE-2024-24786 | 2 Golang, Redhat | 23 Go, Acm, Cluster Observability Operator and 20 more | 2025-02-13 | 7.5 High |
| The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | ||||
| CVE-2024-24746 | 1 Apache | 1 Nimble | 2025-02-13 | 7.5 High |
| Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. | ||||
| CVE-2024-2397 | 2025-02-13 | 6.2 Medium | ||
| Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. | ||||
| CVE-2024-1931 | 2 Fedoraproject, Nlnetlabs | 2 Fedora, Unbound | 2025-02-13 | 7.5 High |
| NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely. | ||||
| CVE-2023-0437 | 1 Mongodb | 1 C Driver | 2025-02-13 | 5.3 Medium |
| When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0. | ||||
| CVE-2023-24537 | 2 Golang, Redhat | 21 Go, Advanced Cluster Security, Ansible Automation Platform and 18 more | 2025-02-13 | 7.5 High |
| Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. | ||||
| CVE-2023-22036 | 4 Debian, Netapp, Oracle and 1 more | 16 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 13 more | 2025-02-13 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2022-21299 | 4 Debian, Netapp, Oracle and 1 more | 25 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 22 more | 2025-02-13 | 5.3 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2021-3468 | 3 Avahi, Debian, Redhat | 4 Avahi, Debian Linux, Enterprise Linux and 1 more | 2025-02-13 | 5.5 Medium |
| A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. | ||||
| CVE-2021-28657 | 2 Apache, Oracle | 5 Tika, Communications Messaging Server, Healthcare Foundation and 2 more | 2025-02-13 | 5.5 Medium |
| A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. | ||||
| CVE-2021-27807 | 4 Apache, Fedoraproject, Oracle and 1 more | 17 Pdfbox, Fedora, Banking Trade Finance Process Management and 14 more | 2025-02-13 | 5.5 Medium |
| A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | ||||