CVE-2024-49767 – Werkzeug possible resource exhaustion when parsing file data in forms
https://notcve.org/view.php?id=CVE-2024-49767
Applications that use `werkzeug.formparser.MultiPartParser` from a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all Flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. ... There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. • https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b https://github.com/pallets/werkzeug/releases/tag/3.0.6 https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-10387 – Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-10387
A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html • CWE-125: Out-of-bounds Read
CVE-2024-47481
https://notcve.org/view.php?id=CVE-2024-47481
An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service. • https://www.dell.com/support/kbdoc/en-us/000240535/dsa-2024-419-security-update-for-dell-data-lakehouse-system-software-for-multiple-third-party-component-vulnerabilities • CWE-284: Improper Access Control
CVE-2024-44101
https://notcve.org/view.php?id=CVE-2024-44101
There is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-476: NULL Pointer Dereference
CVE-2024-48227
https://notcve.org/view.php?id=CVE-2024-48227
Funadmin 5.0.2 has a logical flaw in the Curd one-click command deletion function, which can result in a Denial of Service (DoS). • https://github.com/funadmin/funadmin/issues/27