CVE-2024-8041 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-8041
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. • https://gitlab.com/gitlab-org/gitlab/-/issues/463092 https://hackerone.com/reports/2499070 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-43398 – REXML denial of service vulnerability
https://notcve.org/view.php?id=CVE-2024-43398
The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. ... This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. • https://github.com/ruby/rexml/releases/tag/v3.3.6 https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 https://access.redhat.com/security/cve/CVE-2024-43398 https://bugzilla.redhat.com/show_bug.cgi?id=2307297 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2024-45169
https://notcve.org/view.php?id=CVE-2024-45169
Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence. • http://download.uci.de/idol2/idol2Client_2_12.exe https://uci.de/download/idol2-client.html https://uci.de/products/index.html https://www.syss.de/en/responsible-disclosure-policy https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-052.txt • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-45166
https://notcve.org/view.php?id=CVE-2024-45166
Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe https://uci.de/download/idol2-client.html https://uci.de/products/index.html https://www.syss.de/en/responsible-disclosure-policy https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-45163
https://notcve.org/view.php?id=CVE-2024-45163
The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data. • https://github.com/0romos/CVE-2024-45163 https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1 https://pastebin.com/6tqHnCva https://youtu.be/aJkvSr85ML8 • CWE-400: Uncontrolled Resource Consumption •