NotCVE-2023-0002 – Buffer overflow in NVD Tools
https://notcve.org/view.php?id=NotCVE-2023-0002
A buffer overflow leading to a denial of service has been found in NVD Tools, a collection of tools for working with National Vulnerability Database feeds. • https://github.com/facebookincubator/nvdtools https://github.com/facebookincubator/nvdtools/pull/201/commits/81447a60e831223814cc146df3bb172dfd4d52f8 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-10270 – Org.keycloak:keycloak-services: keycloak denial of service
https://notcve.org/view.php?id=CVE-2024-10270
If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to regex complexity. • https://access.redhat.com/errata/RHSA-2024:10175 https://access.redhat.com/errata/RHSA-2024:10176 https://access.redhat.com/errata/RHSA-2024:10177 https://access.redhat.com/errata/RHSA-2024:10178 https://access.redhat.com/security/cve/CVE-2024-10270 https://bugzilla.redhat.com/show_bug.cgi?id=2321214 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2024-9666 – Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability
https://notcve.org/view.php?id=CVE-2024-9666
The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. ... This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers. • https://access.redhat.com/errata/RHSA-2024:10175 https://access.redhat.com/errata/RHSA-2024:10176 https://access.redhat.com/errata/RHSA-2024:10177 https://access.redhat.com/errata/RHSA-2024:10178 https://access.redhat.com/security/cve/CVE-2024-9666 https://bugzilla.redhat.com/show_bug.cgi?id=2317440 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2024-50671
https://notcve.org/view.php?id=CVE-2024-50671
This makes it possible for attackers to disclose the email addresses of all users. • https://github.com/adaptlearning/adapt_authoring https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50671 •
CVE-2024-50672
https://notcve.org/view.php?id=CVE-2024-50672
The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. • https://github.com/adaptlearning/adapt_authoring https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50672 •