CVE-2024-6227 – Infinite Loop in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-6227
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. • https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-39895 – Directus GraphQL Field Duplication Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2024-39895
A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users. ... By modifying the data sent and duplicating the fields many times, a DoS attack is possible. ... This vulnerability was fixed in 10.12.0. • https://github.com/directus/directus/commit/543b345695071c1de61a35004bd063fe59dba0c8 https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-34702 – Botan has a Denial of Service Due to Excessive Name Constraints
https://notcve.org/view.php?id=CVE-2024-34702
An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. • https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1 https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41 https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8 https://github.com/randombit/botan/pull/4034 https://github.com/randombit/botan& • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVE-2023-50240
https://notcve.org/view.php?id=CVE-2023-50240
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-50239
https://notcve.org/view.php?id=CVE-2023-50239
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •