CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-39476 – md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
https://notcve.org/view.php?id=CVE-2024-39476
This flaw can cause a deadlock when handling I/O operations due to a conflict between the reconfig_mutex and the MD_SB_CHANGE_PENDING flag, leading to excessive CPU usage and denial of service. • https://git.kernel.org/stable/c/f3d55bd5b7b928ad82f8075d89c908702f3593ab https://git.kernel.org/stable/c/1c00bb624cd084e2006520ad0edacaff0fb941c4 https://git.kernel.org/stable/c/782b3e71c957991ac8ae53318bc369049d49bb53 https://git.kernel.org/stable/c/9e86dffd0b02594d2e7c60c6db9e889c0395414b https://git.kernel.org/stable/c/5e2cf333b7bd5d3e62595a44d598a254c697cd74 https://git.kernel.org/stable/c/7d808fe6af8409cf9f46ed2b10840e5788985e9b https://git.kernel.org/stable/c/1e8c1c2a92692881ac7ec92dcf1c8a846584251b https://git.kernel.org/stable/c/7f71d9817cea3582daa2e903596461f5f • CWE-667: Improper Locking CWE-833: Deadlock •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-33862
https://notcve.org/view.php?id=CVE-2024-33862
This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system. ... Esto podría conducir potencialmente a una condición de denegación de servicio (DoS), interrumpiendo el funcionamiento normal del sistema. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-3904
https://notcve.org/view.php?id=CVE-2024-3904
As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product. ... Como resultado, el atacante puede revelar, alterar, destruir o eliminar información del producto, o provocar una condición de denegación de servicio (DoS) en el producto. • https://jvn.jp/vu/JVNVU91215350/index.html https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34750 – Apache Tomcat: HTTP/2 excess header handling DoS
https://notcve.org/view.php?id=CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manejó correctamente algunos casos de encabezados HTTP excesivos. • https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l https://access.redhat.com/security/cve/CVE-2024-34750 https://bugzilla.redhat.com/show_bug.cgi?id=2295651 • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35227 – Discourse vulnerable to DoS through Onebox
https://notcve.org/view.php?id=CVE-2024-35227
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. • https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36 https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c • CWE-20: Improper Input Validation •