CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28866 – GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up
https://notcve.org/view.php?id=CVE-2024-28866
In practice exploiting this to perform privileged actions is likely rather difficult to exploit because the target user would need to be triggered to open an attacker-crafted link in the period where the server is starting up (but not completely started), requiring chaining with a separate denial-of-service vulnerability. • https://github.com/gocd/gocd/commit/388d8893ec4cac51d2b76e923cc9b55c7703e402 https://github.com/gocd/gocd/releases/tag/24.1.0 https://github.com/gocd/gocd/security/advisories/GHSA-q882-q6mm-mgvh https://www.gocd.org/releases/#24-1-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25581 – Transfer requests received over DoH can lead to a denial of service in DNSdist
https://notcve.org/view.php?id=CVE-2024-25581
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. • http://www.openwall.com/lists/oss-security/2024/05/13/1 https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4067 – Regular Expression Denial of Service in micromatch
https://notcve.org/view.php?id=CVE-2024-4067
The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). ... The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). ... A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). • https://devhub.checkmarx.com/cve-details/CVE-2024-4067 https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448 https://github.com/micromatch/micromatch/issues/243 https://github.com/micromatch/micromatch/pull/247 https://github.com/micromatch/micromatch/pull/266 https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade https://github.com/micromatch/micromatch/releases/tag/4.0.8 https://advisory.checkmarx.net/advisory/CVE-2024-4067 https:/&#x • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4791 – Contemporary Control System BASrouter BACnet BASRT-B Application Protocol Data Unit denial of service
https://notcve.org/view.php?id=CVE-2024-4791
The manipulation leads to denial of service. ... Dank der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. • https://github.com/isZzzz/BASRT-B_BACnet_Router_Document/blob/main/BASER-B_APDU.pcapng https://github.com/isZzzz/BASRT-B_BACnet_Router_Document/blob/main/BASRT-B_2_CVE_apply.pdf https://vuldb.com/?ctiid.263890 https://vuldb.com/?id.263890 https://vuldb.com/?submit.323630 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 2.7EPSS: 0%CPEs: -EXPL: 0CVE-2023-47711 – IBM Security Guardium denial of service
https://notcve.org/view.php?id=CVE-2023-47711
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271526 https://www.ibm.com/support/pages/node/7150840 • CWE-434: Unrestricted Upload of File with Dangerous Type •