CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-21823 – kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
https://notcve.org/view.php?id=CVE-2024-21823
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. • http://www.openwall.com/lists/oss-security/2024/05/15/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html https://access.redhat.com/security/cve/CVE-2024-21823 https://bugzilla.redhat.com/show_bug.cgi?id=2278989 • CWE-400: Uncontrolled Resource Consumption CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47717 – IBM Security Guardium denial of service
https://notcve.org/view.php?id=CVE-2023-47717
IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271690 https://www.ibm.com/support/pages/node/7152469 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4603 – Excessive time spent checking DSA keys and parameters
https://notcve.org/view.php?id=CVE-2024-4603
Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. ... However the key and parameter check functions do not limit the modulus size when performing the checks. An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable. Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the `-check` option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. ... In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. • http://www.openwall.com/lists/oss-security/2024/05/16/2 https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397 https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740 https://security.netapp.com/advisory/ntap-20240621-0001 https://www.openssl.org/news/secadv/20240516.txt https://access.redhat.com/security/cve/CVE-2024&# • CWE-606: Unchecked Input for Loop Condition CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34905
https://notcve.org/view.php?id=CVE-2024-34905
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. ... Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) mediante una entrada manipulada. • https://github.com/CloudWise-OpenSource/FlyFish/issues/191 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35185 – Denial of service of Minder Server with attacker-controlled REST endpoint
https://notcve.org/view.php?id=CVE-2024-35185
Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. • https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b https://github.com/stacklok/minder/security/advisories/GHSA-fjw8-3gp8-4cvx • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •