
CVSS: 8.1 | EPSS: 0% | CPEs: - | EXPL: 0

This vulnerability can lead to denial of service and remote code execution. libxmljs is affected by a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grandchild of a node that refers to an entity. • https://github.com/libxmljs/libxmljs/issues/646 https://research.jfrog.com/vulnerabilities/libxmljs-namespaces-type-confusion-rce-jfsa-2024-001034096 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.1 | EPSS: 0% | CPEs: - | EXPL: 0

This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs is affected by a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. • https://github.com/libxmljs/libxmljs/issues/645 https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 4.1 | EPSS: 0% | CPEs: - | EXPL: 0

Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections. • https://access.redhat.com/security/cve/CVE-2024-4029 https://bugzilla.redhat.com/show_bug.cgi?id=2278615 https://access.redhat.com/errata/RHSA-2024:8075 https://access.redhat.com/errata/RHSA-2024:8076 https://access.redhat.com/errata/RHSA-2024:8077 https://access.redhat.com/errata/RHSA-2024:8080 https://access.redhat.com/errata/RHSA-2024:8823 https://access.redhat.com/errata/RHSA-2024:8824 https://access.redhat.com/errata/RHSA-2024:8826 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

This denial of service can be triggered by a single unauthenticated POST request. AIOHTTP handles multipart strings through a process of segmenting them into chunks. • http://www.openwall.com/lists/oss-security/2024/05/02/4 https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597 https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19 https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866 https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84 https://access.redhat.com/security/cve/CVE-2024-30251 https://bugzilla.redhat.com/show_bug.cgi?id=2278710 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 3.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary, thus removing client functionality. This issue affects Client Connector on MacOS: before 3.4. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4 • CWE-354: Improper Validation of Integrity Check Value •