CVE-2024-6598 – Denial-of-service on KNIME Business Hub when certain jobs are executed
https://notcve.org/view.php?id=CVE-2024-6598
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. • https://www.knime.com/security/advisories#CVE-2024-6598 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-22271 – Spring Cloud Function Web DOS Vulnerability
https://notcve.org/view.php?id=CVE-2024-22271
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, an application is vulnerable to a DoS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module. Affected Spring Products and Versions: Spring Cloud Function Framework 4.1.0 to 4.1.2, 4.0.0 to 4.0.8. References: https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History: 2020-01-16: Initial vulnerability report published. • https://spring.io/security/cve-2024-22271 • CWE-20: Improper Input Validation •
CVE-2024-39876
https://notcve.org/view.php?id=CVE-2024-39876
This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-39869
https://notcve.org/view.php?id=CVE-2024-39869
An authenticated attacker could upload crafted certificates leading to a permanent denial-of-service situation. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2024-37996
https://notcve.org/view.php?id=CVE-2024-37996
An attacker could leverage this vulnerability to crash the application, causing a denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-824889.html • https://cert-portal.siemens.com/productcert/html/ssa-959281.html • CWE-476: NULL Pointer Dereference •