CVE-2024-38440
https://notcve.org/view.php?id=CVE-2024-38440
Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... • https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200 https://github.com/Netatalk/netatalk/issues/1097 https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5 https://netatalk.io/security/CVE-2024-38440 • CWE-193: Off-by-one Error •
CVE-2024-5469 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-5469
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/464143 • CWE-400: Uncontrolled Resource Consumption CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2024-27142 – Pre-authenticated XXE injection
https://notcve.org/view.php?id=CVE-2024-27142
An attacker can DoS the printers. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2024-27141 – Pre-authenticated Time-Based Blind XXE injection
https://notcve.org/view.php?id=CVE-2024-27141
An attacker can DoS the printers by sending an HTTP request without authentication. ... • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2024-0086
https://notcve.org/view.php?id=CVE-2024-0086
A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-476: NULL Pointer Dereference •