CVE-2024-9367 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-9367
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. • https://gitlab.com/gitlab-org/gitlab/-/issues/496631 https://hackerone.com/reports/2735311 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-54101
https://notcve.org/view.php?id=CVE-2024-54101
Denial of service (DoS) vulnerability in the installation module. Impact: Successful exploitation of this vulnerability will affect availability. • https://consumer.huawei.com/en/support/bulletin/2024/12 • CWE-20: Improper Input Validation •
CVE-2024-12401 – cert-manager: potential DoS when parsing specially crafted PEM inputs
https://notcve.org/view.php?id=CVE-2024-12401
This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. • https://access.redhat.com/security/cve/CVE-2024-12401 https://bugzilla.redhat.com/show_bug.cgi?id=2327929 https://github.com/cert-manager/cert-manager/pull/7400 https://github.com/cert-manager/cert-manager/pull/7401 https://github.com/cert-manager/cert-manager/pull/7402 https://github.com/cert-manager/cert-manager/pull/7403 https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 https://go.dev/issue/50116 • CWE-20: Improper Input Validation •
CVE-2024-41146
https://notcve.org/view.php?id=CVE-2024-41146
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS-connected devices, requiring a device reboot to resolve. This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146 • CWE-694: Use of Multiple Resources with Duplicate Identifier •
CVE-2024-12579 – Minify HTML <= 2.1.10 - Regular Expression Denial of Service
https://notcve.org/view.php?id=CVE-2024-12579
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. • https://plugins.trac.wordpress.org/changeset/3203890/minify-html-markup https://www.wordfence.com/threat-intel/vulnerabilities/id/80334e81-c33d-464c-9409-f49c34681890?source=cve • CWE-400: Uncontrolled Resource Consumption •