CVE-2024-38808 – CVE-2024-38808: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions. ... A maliciously crafted Spring Expression Language (SePL) may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. • https://spring.io/security/cve-2024-38808 https://access.redhat.com/security/cve/CVE-2024-38808 https://bugzilla.redhat.com/show_bug.cgi?id=2305959 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-23184 – dovecot: using a large number of address headers may trigger a denial of service
https://notcve.org/view.php?id=CVE-2024-23184
This flaw allows a remote attacker to trigger a denial of service. • https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0002.json https://access.redhat.com/security/cve/CVE-2024-23184 https://bugzilla.redhat.com/show_bug.cgi?id=2305909 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-7887 – LimeSurvey File Upload index.php denial of service
https://notcve.org/view.php?id=CVE-2024-7887
The manipulation of the argument size leads to denial of service. ... Mittels Manipulieren des Arguments size mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. • https://github.com/Hebing123/cve/issues/67 https://vuldb.com/?ctiid.274874 https://vuldb.com/?id.274874 https://vuldb.com/?submit.387132 • CWE-404: Improper Resource Shutdown or Release •
CVE-2024-6004
https://notcve.org/view.php?id=CVE-2024-6004
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. • https://iknow.lenovo.com.cn/detail/422688 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-5210
https://notcve.org/view.php?id=CVE-2024-5210
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted. • https://iknow.lenovo.com.cn/detail/422688 • CWE-400: Uncontrolled Resource Consumption •