CVE-2024-10344 – Unauthenticated Denial of Service via Refuse Function
https://notcve.org/view.php?id=CVE-2024-10344
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. • https://portal.perforce.com/s/detail/a91PA000001SZOrYAO • CWE-400: Uncontrolled Resource Consumption
CVE-2024-10345 – Unauthenticated Denial of Service via Shutdown Function
https://notcve.org/view.php?id=CVE-2024-10345
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. • https://portal.perforce.com/s/detail/a91PA000001SZQTYA4 • CWE-400: Uncontrolled Resource Consumption
CVE-2024-38826 – Cloud Controller Denial of Service Attack
https://notcve.org/view.php?id=CVE-2024-38826
This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi release version to 1.194.0 or greater * Upgrade cf-deployment version to v44.1.0 or greater. • https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack
CVE-2024-52532 – libsoup: infinite loop while reading websocket data
https://notcve.org/view.php?id=CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients. ... This issue makes it possible to cause the loop to run indefinitely by sending a continuous stream of data to it. The effect will prevent the DCV service from accepting any further connections, leading to a denial of service. • https://gitlab.gnome.org/GNOME/libsoup/-/issues/391 https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/410 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://access.redhat.com/security/cve/CVE-2024-52532 https://bugzilla.redhat.com/show_bug.cgi?id=2325276 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-40457
https://notcve.org/view.php?id=CVE-2023-40457
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks." • https://blog.benjojo.co.uk/asset/JgH8G5duO1 https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling https://supportdocs.extremenetworks.com/support/documentation/extremexos-32-5 • CWE-209: Generation of Error Message Containing Sensitive Information