CVE-2024-24759 – MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
https://notcve.org/view.php?id=CVE-2024-24759
The vulnerability can also lead to denial of service. • https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-45589
https://notcve.org/view.php?id=CVE-2024-45589
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. • https://github.com/BenRogozinski/CVE-2024-45589 https://benrogozinski.github.io/CVE-2024-45589 https://help.rapididentity.com/docs/rapididentity-lts-release-notes • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2024-20505 – ClamAV Memory Handling DoS
https://notcve.org/view.php?id=CVE-2024-20505
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. • https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html •
CVE-2024-45395 – Unbounded loop over untrusted input can lead to endless data attack
https://notcve.org/view.php?id=CVE-2024-45395
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these data structures is computationally expensive. This can be used to consume excessive CPU resources, leading to a denial of service attack. ... This vulnerability is addressed with sigstore-go 0.6.1, which adds hard limits to the number of verifiable data structures that can be processed in a bundle. ... These limits are intended to be high enough to accommodate the vast majority of use cases, while preventing the verification of maliciously crafted bundles that contain large amounts of verifiable data. • https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/signature.go#L183-L193 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tlog.go#L74-L178 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tsa.go#L59-L68 https://github.com/sigstore/sigstore-go/commit/01e70e89e58226286d7977b4dba43b6be472b12c https://github.com/sigstore/sigstore-go/security/advisories/GHSA-cq38-jh5f-37mq • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-44984 – bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2024-44984
A double DMA unmapping can trigger a kernel warning and cause a denial of service. • https://git.kernel.org/stable/c/578fcfd26e2a1d0e687b347057959228567e2af8 https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13 https://access.redhat.com/security/cve/CVE-2024-44984 https://bugzilla.redhat.com/show_bug.cgi?id=2309847 • CWE-1341: Multiple Releases of Same Resource or Handle •