CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-6841 – Keycloak: amount of attributes per object is not limited and it may lead to dos
https://notcve.org/view.php?id=CVE-2023-6841
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. • https://access.redhat.com/security/cve/CVE-2023-6841 https://bugzilla.redhat.com/show_bug.cgi?id=2254714 • CWE-231: Improper Handling of Extra Values •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45590 – body-parser vulnerable to denial of service when url encoding is enabled
https://notcve.org/view.php?id=CVE-2024-45590
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. ... This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled. • https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7 https://access.redhat.com/security/cve/CVE-2024-45590 https://bugzilla.redhat.com/show_bug.cgi?id=2311171 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45412 – Yeti affected by a Potential Denial of Service due to the One Milion Unicode characters attack
https://notcve.org/view.php?id=CVE-2024-45412
Under Windows, such normalization is costly in resources and may lead to denial of service with attacks such as One Million Unicode payload. This can get worse with the use of special Unicode characters like U+2100 (℀), or U+2105 (℅) which could lead the payload size to be tripled. • https://github.com/yeti-platform/yeti/commit/f1f0082e7c165f148ae95f4deeb2786404797a39 https://github.com/yeti-platform/yeti/security/advisories/GHSA-cwwm-pq9x-2cxv https://hackerone.com/reports/2258758 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-21753
https://notcve.org/view.php?id=CVE-2024-21753
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests Una limitación incorrecta de una ruta de acceso a un directorio restringido ("ruta de acceso") en las versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.13, 6.4.0 a 6.4.9, 6.2.0 a 6.2.9, 6.0.0 a 6.0.8, 1.2.1 a 1.2.5 de Fortinet FortiClientEMS permite a un atacante realizar una denegación de servicio, leer o escribir una cantidad limitada de archivos a través de solicitudes HTTP especialmente manipuladas. • https://fortiguard.fortinet.com/psirt/FG-IR-23-362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8645 – Access of Uninitialized Pointer in Wireshark
https://notcve.org/view.php?id=CVE-2024-8645
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19559 https://www.wireshark.org/security/wnpa-sec-2024-10.html • CWE-824: Access of Uninitialized Pointer •