CVE-2023-6841 – Keycloak: amount of attributes per object is not limited and it may lead to dos
https://notcve.org/view.php?id=CVE-2023-6841
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. • https://access.redhat.com/security/cve/CVE-2023-6841 https://bugzilla.redhat.com/show_bug.cgi?id=2254714 • CWE-231: Improper Handling of Extra Values •
CVE-2024-45590 – body-parser vulnerable to denial of service when url encoding is enabled
https://notcve.org/view.php?id=CVE-2024-45590
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. • https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVE-2024-45412 – Yeti affected by a Potential Denial of Service due to the One Milion Unicode characters attack
https://notcve.org/view.php?id=CVE-2024-45412
Under Windows, such normalization is costly in resources and may lead to denial of service with attacks such as One Million Unicode payload. • https://github.com/yeti-platform/yeti/commit/f1f0082e7c165f148ae95f4deeb2786404797a39 https://github.com/yeti-platform/yeti/security/advisories/GHSA-cwwm-pq9x-2cxv https://hackerone.com/reports/2258758 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-21753
https://notcve.org/view.php?id=CVE-2024-21753
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests Una limitación incorrecta de una ruta de acceso a un directorio restringido ("ruta de acceso") en las versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.13, 6.4.0 a 6.4.9, 6.2.0 a 6.2.9, 6.0.0 a 6.0.8, 1.2.1 a 1.2.5 de Fortinet FortiClientEMS permite a un atacante realizar una denegación de servicio, leer o escribir una cantidad limitada de archivos a través de solicitudes HTTP especialmente manipuladas. • https://fortiguard.fortinet.com/psirt/FG-IR-23-362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-8645 – Access of Uninitialized Pointer in Wireshark
https://notcve.org/view.php?id=CVE-2024-8645
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19559 https://www.wireshark.org/security/wnpa-sec-2024-10.html • CWE-824: Access of Uninitialized Pointer •