CVSS: 4.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-20505 – ClamAV Memory Handling DoS
https://notcve.org/view.php?id=CVE-2024-20505
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. • https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45395 – Unbounded loop over untrusted input can lead to endless data attack
https://notcve.org/view.php?id=CVE-2024-45395
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. ... This can be used to consume excessive CPU resources, leading to a denial of service attack. • https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/signature.go#L183-L193 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tlog.go#L74-L178 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tsa.go#L59-L68 https://github.com/sigstore/sigstore-go/commit/01e70e89e58226286d7977b4dba43b6be472b12c https://github.com/sigstore/sigstore-go/security/advisories/GHSA-cq38-jh5f-37mq • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44984 – bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2024-44984
A double DMA unmapping can trigger a kernel warning and cause a denial of service. • https://git.kernel.org/stable/c/578fcfd26e2a1d0e687b347057959228567e2af8 https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13 https://access.redhat.com/security/cve/CVE-2024-44984 https://bugzilla.redhat.com/show_bug.cgi?id=2309847 • CWE-1341: Multiple Releases of Same Resource or Handle •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8391 – Eclipse Vert.x gRPC server does not limit the maximum message size
https://notcve.org/view.php?id=CVE-2024-8391
This may lead to excessive memory consumption in a server or a client, causing a denial of service. • https://github.com/eclipse-vertx/vertx-grpc/issues/113 https://gitlab.eclipse.org/security/cve-assignement/-/issues/31 https://access.redhat.com/security/cve/CVE-2024-8391 https://bugzilla.redhat.com/show_bug.cgi?id=2309758 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-45230 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://notcve.org/view.php?id=CVE-2024-45230
The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. ... Excessive input with a specific sequence of characters may lead to denial of service. • https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21forum/django-announce https://www.djangoproject.com/weblog/2024/sep/03/security-releases https://access.redhat.com/security/cve/CVE-2024-45230 https://bugzilla.redhat.com/show_bug.cgi?id=2314485 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •