CVE-2024-30172 – org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class
https://notcve.org/view.php?id=CVE-2024-30172
This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service. • https://security.netapp.com/advisory/ntap-20240614-0007 https://www.bouncycastle.org/latest_releases.html https://access.redhat.com/security/cve/CVE-2024-30172 https://bugzilla.redhat.com/show_bug.cgi?id=2293025 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-24788 – Malformed DNS message can cause infinite loop in net
https://notcve.org/view.php?id=CVE-2024-24788
This issue can lead to resource exhaustion and denial of service (DoS) conditions. • http://www.openwall.com/lists/oss-security/2024/05/08/3 https://go.dev/cl/578375 https://go.dev/issue/66754 https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 https://pkg.go.dev/vuln/GO-2024-2824 https://security.netapp.com/advisory/ntap-20240605-0002 https://security.netapp.com/advisory/ntap-20240614-0001 https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-2746 – Incomplete fix for CVE-2024-1929
https://notcve.org/view.php?id=CVE-2024-2746
All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemon operate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. • https://github.com/xct/CVE-2024-27460 https://github.com/Alaatk/CVE-2024-27460 https://github.com/Alaatk/CVE-2024-27462 https://github.com/10cks/CVE-2024-27460-installer https://www.openwall.com/lists/oss-security/2024/04/03/5 • CWE-20: Improper Input Validation •
CVE-2024-33382
https://notcve.org/view.php?id=CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via 64 unsuccessful UE/gnb registrations. • https://github.com/open5gs/open5gs/issues/2733 •
CVE-2024-23712
https://notcve.org/view.php?id=CVE-2024-23712
This could lead to local denial of service with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/6beb68ca17d1220f3f09a53cf0a0c541db4ead62 https://source.android.com/security/bulletin/2024-04-01 •