CVE-2024-8391 – Eclipse Vert.x gRPC server does not limit the maximum message size
https://notcve.org/view.php?id=CVE-2024-8391
In Eclipse Vert.x versions 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of the message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in version 4.5.10. Note that this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc). A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.
• https://github.com/eclipse-vertx/vertx-grpc/issues/113
• https://gitlab.eclipse.org/security/cve-assignement/-/issues/31
• https://access.redhat.com/security/cve/CVE-2024-8391
• https://bugzilla.redhat.com/show_bug.cgi?id=2309758
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-45230 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://notcve.org/view.php?id=CVE-2024-45230
The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. ... Excessive input with a specific sequence of characters may lead to denial of service.
• https://docs.djangoproject.com/en/dev/releases/security
• https://groups.google.com/forum/#%21forum/django-announce
• https://www.djangoproject.com/weblog/2024/sep/03/security-releases
• https://access.redhat.com/security/cve/CVE-2024-45230
• https://bugzilla.redhat.com/show_bug.cgi?id=2314485
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-400: Uncontrolled Resource Consumption
CVE-2024-8418 – Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
https://notcve.org/view.php?id=CVE-2024-8418
They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns. A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. ... This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime.
• https://access.redhat.com/security/cve/CVE-2024-8418
• https://bugzilla.redhat.com/show_bug.cgi?id=2309683
• https://github.com/containers/aardvark-dns/issues/500
• https://github.com/containers/aardvark-dns/pull/503
• CWE-400: Uncontrolled Resource Consumption
CVE-2024-34646
https://notcve.org/view.php?id=CVE-2024-34646
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
• https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09
CVE-2024-44808
https://notcve.org/view.php?id=CVE-2024-44808
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.
• https://github.com/Vypor/Vypors-Attack-API-System
• https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595
• CWE-20: Improper Input Validation