CVE-2023-51368 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2023-51368
If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-476: NULL Pointer Dereference •
CVE-2024-24759 – MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
https://notcve.org/view.php?id=CVE-2024-24759
The vulnerability can also lead to denial of service. • https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-45589
https://notcve.org/view.php?id=CVE-2024-45589
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. • https://github.com/BenRogozinski/CVE-2024-45589 https://benrogozinski.github.io/CVE-2024-45589 https://help.rapididentity.com/docs/rapididentity-lts-release-notes • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2024-20505 – ClamAV Memory Handling DoS
https://notcve.org/view.php?id=CVE-2024-20505
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. • https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html •
CVE-2024-45395 – Unbounded loop over untrusted input can lead to endless data attack
https://notcve.org/view.php?id=CVE-2024-45395
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. ... This can be used to consume excessive CPU resources, leading to a denial of service attack. • https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/signature.go#L183-L193 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tlog.go#L74-L178 https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tsa.go#L59-L68 https://github.com/sigstore/sigstore-go/commit/01e70e89e58226286d7977b4dba43b6be472b12c https://github.com/sigstore/sigstore-go/security/advisories/GHSA-cq38-jh5f-37mq • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •