CVE-2024-27310 – DOS Vulnerability
https://notcve.org/view.php?id=CVE-2024-27310
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query. Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. • https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') CWE-400: Uncontrolled Resource Consumption •
CVE-2024-35238 – Denial of service of Minder Server from maliciously crafted GitHub attestations
https://notcve.org/view.php?id=CVE-2024-35238
Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. ... The way Minder parses the response on line 295 makes it prone to DoS if the response is large enough. ... Minder fetches attestations and crashes thereby being denied of service. ... • https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300 https://github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892 https://github.com/stacklok/minder/security/advisories/GHSA-8fmj-33gw-g7pw • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-35231 – rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
https://notcve.org/view.php?id=CVE-2024-35231
Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service because the user-controlled `profiler_runs` value was not constrained by any limit. This would lead to server-side resource allocation with no limitation and a potential denial of service driven by remote, user-controlled data. • https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7 https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-36055
https://notcve.org/view.php?id=CVE-2024-36055
Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD). • https://www.marvintest.com/Downloads.aspx?prodId=12&search=package https://www.marvintest.com/KnowledgeBase/KBArticle.aspx?ID=362 • CWE-863: Incorrect Authorization •
CVE-2023-46442
https://notcve.org/view.php?id=CVE-2023-46442
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS). • https://github.com/JAckLosingHeart/CVE-2023-46442_POC/tree/main https://github.com/soot-oss/soot • CWE-400: Uncontrolled Resource Consumption •