CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-9823 – Jetty DOS vulnerability on DosFilter
https://notcve.org/view.php?id=CVE-2024-9823
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. ... The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service. • https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h https://gitlab.eclipse.org/security/cve-assignement/-/issues/39 https://github.com/jetty/jetty.project/issues/1256 https://access.redhat.com/security/cve/CVE-2024-9823 https://bugzilla.redhat.com/show_bug.cgi?id=2318565 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-6959 – Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-6959
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. Una vulnerabilidad en la versión 9.8 de parisneo/lollms-webui permite un ataque de denegación de servicio (DOS) al cargar un archivo de audio. • https://huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e • CWE-352: Cross-Site Request Forgery (CSRF) CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38365 – btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
https://notcve.org/view.php?id=CVE-2024-38365
This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). • https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184 https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5 https://github.com/btcsuite/btcd/releases/tag/v0.24.2 https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47506 – Junos OS: SRX Series: A large amount of traffic being processed by ATP Cloud can lead to a PFE crash
https://notcve.org/view.php?id=CVE-2024-47506
A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. • https://supportportal.juniper.net/JSA88137 • CWE-833: Deadlock •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47509 – Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #3
https://notcve.org/view.php?id=CVE-2024-47509
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.4R2-EVO, * 22.1 versions before 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508. • https://supportportal.juniper.net • CWE-770: Allocation of Resources Without Limits or Throttling •