CVE-2024-45296 – path-to-regexp outputs backtracking regular expressions
https://notcve.org/view.php?id=CVE-2024-45296
Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS). • https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6 https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j https://access.redhat.com/security/cve/CVE-2024-45296 https://bugzilla.redhat.com/show_bug.cgi?id=2310908 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2024-40680 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-40680
IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297611 https://www.ibm.com/support/pages/node/7167732 • CWE-789: Memory Allocation with Excessive Size Value •
CVE-2023-51368 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2023-51368
If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later; QuTS hero h5.1.6.2734 build 20240414 and later. • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-476: NULL Pointer Dereference •
CVE-2024-24759 – MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
https://notcve.org/view.php?id=CVE-2024-24759
The vulnerability can also lead to denial of service. • https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-45589
https://notcve.org/view.php?id=CVE-2024-45589
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. • https://github.com/BenRogozinski/CVE-2024-45589 https://benrogozinski.github.io/CVE-2024-45589 https://help.rapididentity.com/docs/rapididentity-lts-release-notes • CWE-307: Improper Restriction of Excessive Authentication Attempts •