
CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

This vulnerability allows attackers to cause a denial of service (DoS) by shutting down the server through sending invalid upload requests. • https://github.com/mintplex-labs/anything-llm/commit/e2439c6d4c3cfdacd96cd1b7b92d1f89c3cc8459 https://huntr.com/bounties/6c8bdfa1-ec56-4b02-bde9-cfc27470e6ca • CWE-400: Uncontrolled Resource Consumption •

CVSS: - • EPSS: 0% • CPEs: 3 • EXPL: 0

A unique key should be generated for a user's QR login key and their auto-login key, so that the same key cannot be used interchangeably between the two. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E https://moodle.org/mod/forum/discuss.php?d=459502 • CWE-324: Use of a Key Past its Expiration Date •

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. ... The `(g *Git) Clone()` method is vulnerable to a DoS attack: a Minder user can instruct Minder to clone a large repository which will exhaust memory and crash the Minder server. • https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89 https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L56-L62 https://github.com/stacklok/minder/commit/7979b43 https://github.com/stacklok/minder/security/advisories/GHSA-hpcg-xjq5-g666 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.7 • EPSS: 0% • CPEs: - • EXPL: 0

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. • https://access.redhat.com/errata/RHSA-2024:4633 https://access.redhat.com/security/cve/CVE-2024-5953 https://bugzilla.redhat.com/show_bug.cgi?id=2292104 https://access.redhat.com/errata/RHSA-2024:4997 https://access.redhat.com/errata/RHSA-2024:5192 https://access.redhat.com/errata/RHSA-2024:5690 https://access.redhat.com/errata/RHSA-2024:6153 https://access.redhat.com/errata/RHSA-2024:6568 https://access.redhat.com/errata/RHSA-2024:6569 https://access.redhat.com/er • CWE-1288: Improper Validation of Consistency within Input •

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service. • https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 https://github.com/websockets/ws/issues/2230 https://github.com/websockets/ws/pull/2231 https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q https://nodejs.org/api/http.html#servermaxheaderscount https: • CWE-400: Uncontrolled Resource Consumption • CWE-476: NULL Pointer Dereference •