CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-38808 – CVE-2024-38808: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions. ... A maliciously crafted Spring Expression Language (SePL) may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. • https://spring.io/security/cve-2024-38808 https://access.redhat.com/security/cve/CVE-2024-38808 https://bugzilla.redhat.com/show_bug.cgi?id=2305959 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23184 – dovecot: using a large number of address headers may trigger a denial of service
https://notcve.org/view.php?id=CVE-2024-23184
Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. ... Processing a large number of address headers (From, To, Cc, Bcc, etc) can be excessively CPU intensive. This flaw allows a remote attacker to trigger a denial of service. Dovecot IMAP server versions 2.2 and 2.3 have an issue where a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. • https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0002.json https://access.redhat.com/security/cve/CVE-2024-23184 https://bugzilla.redhat.com/show_bug.cgi?id=2305909 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-7887 – LimeSurvey File Upload index.php denial of service
https://notcve.org/view.php?id=CVE-2024-7887
Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. ... Mittels Manipulieren des Arguments size mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. • https://github.com/Hebing123/cve/issues/67 https://vuldb.com/?ctiid.274874 https://vuldb.com/?id.274874 https://vuldb.com/?submit.387132 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6004
https://notcve.org/view.php?id=CVE-2024-6004
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. • https://iknow.lenovo.com.cn/detail/422688 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5210
https://notcve.org/view.php?id=CVE-2024-5210
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted. • https://iknow.lenovo.com.cn/detail/422688 • CWE-400: Uncontrolled Resource Consumption •