CVE-2024-2199 – 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
https://notcve.org/view.php?id=CVE-2024-2199
A denial of service vulnerability was found in the 389-ds-base LDAP server. • https://access.redhat.com/errata/RHSA-2024:3591 https://access.redhat.com/errata/RHSA-2024:3837 https://access.redhat.com/errata/RHSA-2024:4092 https://access.redhat.com/errata/RHSA-2024:4209 https://access.redhat.com/errata/RHSA-2024:4210 https://access.redhat.com/errata/RHSA-2024:4235 https://access.redhat.com/errata/RHSA-2024:4633 https://access.redhat.com/security/cve/CVE-2024-2199 https://bugzilla.redhat.com/show_bug.cgi?id=2267976 https://access.redhat.com/er • CWE-20: Improper Input Validation •
CVE-2023-30312
https://notcve.org/view.php?id=CVE-2023-30312
An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the client (e.g., to deliver false information from a finance website). • https://blog.apnic.net/2024/06/18/off-path-tcp-hijacking-in-nat-enabled-wi-fi-networks https://news.ycombinator.com/item?id=40723150 https://openwrt.org/docs/guide-developer/security https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks • CWE-203: Observable Discrepancy •
CVE-2024-27310 – DOS Vulnerability
https://notcve.org/view.php?id=CVE-2024-27310
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to a DoS attack via a malicious LDAP query. Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to a DoS attack via malicious LDAP input. • https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') CWE-400: Uncontrolled Resource Consumption •
CVE-2024-35238 – Denial of service of Minder Server from maliciously crafted GitHub attestations
https://notcve.org/view.php?id=CVE-2024-35238
Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. ... The way Minder parses the response on line 295 makes it prone to DoS if the response is large enough. ... Minder fetches attestations and crashes, resulting in a denial of service. ... • https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300 https://github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892 https://github.com/stacklok/minder/security/advisories/GHSA-8fmj-33gw-g7pw • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-35231 – rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
https://notcve.org/view.php?id=CVE-2024-35231
Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service because the user-controlled `profiler_runs` parameter was not constrained by any limit. This leads to unbounded resource allocation on the server side and a potential denial of service driven by remotely user-controlled data. • https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7 https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869 • CWE-770: Allocation of Resources Without Limits or Throttling •