CVE-2024-4210 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-4210
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files. • https://gitlab.com/gitlab-org/gitlab/-/issues/458245 https://hackerone.com/reports/2431562 • CWE-400: Uncontrolled Resource Consumption
CVE-2024-20451
https://notcve.org/view.php?id=CVE-2024-20451
A successful exploit could allow the attacker to cause a DoS condition on the device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-42062 – Apache CloudStack: User Key Exposure to Domain Admins
https://notcve.org/view.php?id=CVE-2024-42062
An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resource integrity and confidentiality, data loss, denial of service, and loss of availability of CloudStack-managed infrastructure. Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. • https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3 https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1 • CWE-863: Incorrect Authorization
CVE-2024-41990 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://notcve.org/view.php?id=CVE-2024-41990
The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. ... Processing very large inputs with a specific sequence of characters with the urlize and urlizetrunc functions can cause a denial of service. • https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21forum/django-announce https://www.djangoproject.com/weblog/2024/aug/06/security-releases https://access.redhat.com/security/cve/CVE-2024-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2302434 • CWE-130: Improper Handling of Length Parameter Inconsistency
CVE-2024-41991 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
https://notcve.org/view.php?id=CVE-2024-41991
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. ... 'urlize', 'urlizetrunc', and 'AdminURLFieldWidget' may be subject to a denial of service attack via certain inputs with a very large number of Unicode characters. • https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21forum/django-announce https://www.djangoproject.com/weblog/2024/aug/06/security-releases https://access.redhat.com/security/cve/CVE-2024-41991 https://bugzilla.redhat.com/show_bug.cgi?id=2302435 • CWE-130: Improper Handling of Length Parameter Inconsistency • CWE-400: Uncontrolled Resource Consumption