CVE-2024-8508 – Unbounded name compression could lead to Denial of Service
https://notcve.org/view.php?id=CVE-2024-8508
This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. ... Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. • https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt • CWE-606: Unchecked Input for Loop Condition •
CVE-2024-25590 – Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor
https://notcve.org/view.php?id=CVE-2024-25590
An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. • https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html • CWE-20: Improper Input Validation •
CVE-2024-47554 – Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
https://notcve.org/view.php?id=CVE-2024-47554
Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed. • https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 https://access.redhat.com/security/cve/CVE-2024-47554 https://bugzilla.redhat.com/show_bug.cgi?id=2316271 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-47136
https://notcve.org/view.php?id=CVE-2024-47136
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. ... Si un usuario abre un archivo de proyecto especialmente manipulado que se guardó con el software de programación de PLC Kostac versión 1.6.9.0 y anteriores, puede provocar una condición de denegación de servicio (DoS), ejecución de código arbitrario o divulgación de información debido a que los problemas existen en el análisis de los archivos de proyecto de KPP. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-125: Out-of-bounds Read •
CVE-2024-47135
https://notcve.org/view.php?id=CVE-2024-47135
Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. ... Si un usuario abre un archivo de proyecto especialmente manipulado que se guardó con el software de programación de PLC Kostac versión 1.6.9.0 y anteriores, puede provocar una condición de denegación de servicio (DoS), ejecución de código arbitrario o divulgación de información debido a que los problemas existen en el análisis de los archivos de proyecto de KPP. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-121: Stack-based Buffer Overflow •