CVE-2024-50947
https://notcve.org/view.php?id=CVE-2024-50947
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. • https://gist.github.com/pengwGit/40934164f68a8a45ebaacfcdeb598fcb https://github.com/davidepianca98/KMQTT •
CVE-2024-37302 – Synapse denial of service through media disk space consumption
https://notcve.org/view.php?id=CVE-2024-37302
This can lead to a denial of service, ranging from further media uploads/downloads failing to complete unavailability of the Synapse process, depending on how Synapse was deployed. • https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-52805 – Synapse allows unsupported content types to lead to memory exhaustion
https://notcve.org/view.php?id=CVE-2024-52805
In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. • https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2 https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518 https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-9197
https://notcve.org/view.php?id=CVE-2024-9197
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-8748
https://notcve.org/view.php?id=CVE-2024-8748
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •