CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47889 – Action Mailer has possible ReDoS vulnerability in block_format
https://notcve.org/view.php?id=CVE-2024-47889
16 Oct 2024 — Action Mailer is a framework for designing email service layers. ... Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. ... Un texto cuidadosamente elaborado puede hacer que el asistente block_format tarde una cantidad inesperada de tiempo, lo qu... • https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47888 – Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
https://notcve.org/view.php?id=CVE-2024-47888
16 Oct 2024 — Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. ... Un texto cuidadosamente elaborado puede hacer que el asistente `plain_text_for_blockquote_node` tarde una cantidad inesperada de tiempo, lo que posiblemente resulte en una vulner... • https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47887 – Action Controller has possible ReDoS vulnerability in HTTP Token authentication
https://notcve.org/view.php?id=CVE-2024-47887
16 Oct 2024 — For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. ... En el caso de las aplicaciones que utilizan la autenticación de token HTTP mediante `authenticat... • https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41128 – Action Dispatch has possible ReDoS vulnerability in query parameter filtering
https://notcve.org/view.php?id=CVE-2024-41128
16 Oct 2024 — Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. ... Los parámetros de consulta cuidadosamente manipulados pueden hacer que el filtrado de parámetros de consulta tarde una cantidad inesperada de tiempo, lo que puede dar como resultado una... • https://access.redhat.com/security/cve/cve-2024-41128 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-20463 – Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20463
16 Oct 2024 — A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la interfaz de administración basada en web del firmware del adaptador telefónico analógico Cisco ATA 190 Series podría permitir que un atacante remoto no autenticado modifique la configuración o reinicie un dispositivo afectado. ... Una explotación exitosa podría permitir... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy • CWE-305: Authentication Bypass by Primary Weakness CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29155 – Denial of service on Microchip RN4870 devices
https://notcve.org/view.php?id=CVE-2024-29155
16 Oct 2024 — On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked. En los dispositivos Microchip RN4870, cuando se recibe más de una solicitud PairReqNoInputNoOutput consecutiva, el dispositivo no puede completar el proceso de emparejamiento. Un tercero puede inyectar una segunda so... • https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45219 – Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
https://notcve.org/view.php?id=CVE-2024-45219
16 Oct 2024 — Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service... • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45085 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-45085
15 Oct 2024 — IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. • https://www.ibm.com/support/pages/node/7173128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21281
https://notcve.org/view.php?id=CVE-2024-21281
15 Oct 2024 — Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Liquidity Management. • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21274
https://notcve.org/view.php?id=CVE-2024-21274
15 Oct 2024 — Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •