
CVSS: 4.0 • EPSS: 0% • CPEs: - • EXPL: 0

A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition on the target component. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31203 • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint. • https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. • https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210 https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. ... • https://gist.github.com/mestrtee/acfbd724a4b73bfb5d030575b653453c • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions. ... This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. ... This issue could lead to resource exhaustion and service disruption under certain conditions. • https://github.com/graphql-java/graphql-java/releases/tag/v21.5 https://github.com/graphql-java/graphql-java/releases/tag/v20.9 https://github.com/graphql-java/graphql-java/releases/tag/v19.11 https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a https://github.com/graphql-java/graphql-java/discussions/3641 https://github.com/graphql-java/graphql-java/pull/3539 https://access.redhat.com/security/cve/CVE-2024-40094 https://bugzilla.redhat.com/show_bug • CWE-770: Allocation of Resources Without Limits or Throttling •