Page 124 of 38410 results (0.077 seconds)

CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. ... This can be used to consume excessive CPU resources, leading to a denial of service attack. • https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/signature.go#L183-L193 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tlog.go#L74-L178 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tsa.go#L59-L68 https://github.com/sigstore/sigstore-go/commit/01e70e89e58226286d7977b4dba43b6be472b12c https://github.com/sigstore/sigstore-go/security/advisories/GHSA-cq38-jh5f-37mq • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A double DMA unmapping can trigger a kernel warning and cause a denial of service. • https://git.kernel.org/stable/c/578fcfd26e2a1d0e687b347057959228567e2af8 https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13 https://access.redhat.com/security/cve/CVE-2024-44984 https://bugzilla.redhat.com/show_bug.cgi?id=2309847 • CWE-1341: Multiple Releases of Same Resource or Handle •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

This may lead to excessive memory consumption in a server or a client, causing a denial of service. • https://github.com/eclipse-vertx/vertx-grpc/issues/113 https://gitlab.eclipse.org/security/cve-assignement/-/issues/31 https://access.redhat.com/security/cve/CVE-2024-8391 https://bugzilla.redhat.com/show_bug.cgi?id=2309758 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0

The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. ... Excessive input with a specific sequence of characters may lead to denial of service. • https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21forum/django-announce https://www.djangoproject.com/weblog/2024/sep/03/security-releases https://access.redhat.com/security/cve/CVE-2024-45230 https://bugzilla.redhat.com/show_bug.cgi?id=2314485 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns. A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. • https://access.redhat.com/security/cve/CVE-2024-8418 https://bugzilla.redhat.com/show_bug.cgi?id=2309683 https://github.com/containers/aardvark-dns/issues/500 https://github.com/containers/aardvark-dns/pull/503 • CWE-400: Uncontrolled Resource Consumption •