CVSS: 9.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

03 Sep 2024 — Impact summary: Abnormal termination of an application can cause a denial of service. ... Note that basic certificate chain validation (signatures, dates, ...) is not affected; the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. • https://openssl-library.org/news/secadv/20240903.txt • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

03 Sep 2024 — A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive. • https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 7.8 • EPSS: 0% • CPEs: 21 • EXPL: 0

03 Sep 2024 — A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024 • CWE-476: NULL Pointer Dereference

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Sep 2024 — A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable ... • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.8 • EPSS: 0% • CPEs: 50 • EXPL: 0

03 Sep 2024 — A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Sep 2024 — This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the security impact of service interruption to other users. They argue that this is a complex query bug and not a DoS vulnerability. • https://github.com/pingcap/tidb/issues/53796 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Sep 2024 — This allows attackers to cause a Denial of Service (DoS) via a crafted input to 'RemoveUnnecessaryFirstRow', which checks the expression between 'Agg' and 'GroupBy' but does not check the return type. ... • https://gist.github.com/ycybfhb/4aa6809695b9e8a1cd1429e597c17517 • CWE-400: Uncontrolled Resource Consumption

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 1

02 Sep 2024 — A local attacker could use this to cause a denial of service. ... A privileged attacker could use this to cause a denial of service. • https://github.com/Abdurahmon3236/CVE-2024-44947 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Sep 2024 — This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. • https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8 • CWE-670: Always-Incorrect Control Flow Implementation

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Sep 2024 — Attackers can also use this issue to prevent access to the original note, causing a denial of service. • https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pjf2-269h-cx7p • CWE-1289: Improper Validation of Unsafe Equivalence in Input