CVE-2024-3332 – bt: host/smp: DoS caused by null pointer dereference
https://notcve.org/view.php?id=CVE-2024-3332
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4 • CWE-476: NULL Pointer Dereference •
CVE-2024-32498 – OpenStack: malicious qcow2/vmdk images
https://notcve.org/view.php?id=CVE-2024-32498
This bypasses isolation restrictions, significantly reducing the security of an affected compute host, and could enable arbitrary code execution, a denial of service, or leaking of secrets. • https://launchpad.net/bugs/2059809 https://www.openwall.com/lists/oss-security/2024/07/02/2 http://www.openwall.com/lists/oss-security/2024/07/02/2 https://security.openstack.org/ossa/OSSA-2024-001.html https://access.redhat.com/security/cve/CVE-2024-32498 https://bugzilla.redhat.com/show_bug.cgi?id=2278663 • CWE-400: Uncontrolled Resource Consumption CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-6126 – Cockpit: authenticated user can kill any process when enabling pam_env's user_readenv option
https://notcve.org/view.php?id=CVE-2024-6126
This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack. • https://access.redhat.com/security/cve/CVE-2024-6126 https://bugzilla.redhat.com/show_bug.cgi?id=2292897 https://access.redhat.com/errata/RHSA-2024:9325 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-6428 – Limited DoS due to permitting creating users with user-defined IDs
https://notcve.org/view.php?id=CVE-2024-6428
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9.5.5 fail to prevent specifying a RemoteId when creating a new user which allows an attacker to specify both a remoteId and the user ID, resulting in creating a user with a user-defined user ID. This can cause some broken functionality in User Management such administrative actions against the user not working. Las versiones de Mattermost 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9.5.5 no evitan especificar un RemoteId al crear un nuevo usuario, lo que permite a un atacante especificar ambos. un ID remoto y el ID de usuario, lo que da como resultado la creación de un usuario con un ID de usuario definido por el usuario. Esto puede provocar que alguna funcionalidad rota en la Gestión de usuarios, como por ejemplo acciones administrativas contra el usuario, no funcionen. • https://mattermost.com/security-updates • CWE-284: Improper Access Control •
CVE-2024-6434 – Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service
https://notcve.org/view.php?id=CVE-2024-6434
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. • https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1676 https://plugins.trac.wordpress.org/changeset/3110991 https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=cve • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •