CVE-2024-6762 – Jetty PushSessionCacheFilter can cause remote DoS attacks
https://notcve.org/view.php?id=CVE-2024-6762
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. • https://github.com/jetty/jetty.project/pull/10755 https://github.com/jetty/jetty.project/pull/10756 https://github.com/jetty/jetty.project/pull/9715 https://github.com/jetty/jetty.project/pull/9716 https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79 https://gitlab.eclipse.org/security/cve-assignement/-/issues/24 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-9823 – Jetty DOS vulnerability on DosFilter
https://notcve.org/view.php?id=CVE-2024-9823
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on any server using DosFilter. ... The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service. • https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h https://gitlab.eclipse.org/security/cve-assignement/-/issues/39 https://github.com/jetty/jetty.project/issues/1256 https://access.redhat.com/security/cve/CVE-2024-9823 https://bugzilla.redhat.com/show_bug.cgi?id=2318565 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-6959 – Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-6959
A vulnerability in parisneo/lollms-webui version 9.8 allows a Denial of Service (DoS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system continuously processes each character, rendering lollms-webui inaccessible. The issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, which enables remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. • https://huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e • CWE-352: Cross-Site Request Forgery (CSRF) CWE-400: Uncontrolled Resource Consumption •
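The entry above describes a multipart boundary padded with an arbitrary number of trailing characters. The defensive check below is an added example, not code from lollms-webui or from the huntr report: it enforces the RFC 2046 limit of 70 boundary characters on the Content-Type header before any body is read, and then walks the body once to reject any delimiter line that carries junk beyond the boundary itself. The boundary value, the sample WAV upload body and the 100,000-byte padding are constructed for the example; the function names are this example's own.

```python
import re

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters drawn from
# bchars (DIGIT / ALPHA / ' ( ) + _ , - . / : = ? and space) and must
# not end with a space. Anything longer is rejected before body parsing.
MAX_BOUNDARY_LEN = 70
_BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]+")


class BadMultipartBoundary(ValueError):
    """Raised for a missing, overlong or malformed multipart boundary."""


def extract_boundary(content_type: str) -> str:
    """Return the boundary parameter of a multipart Content-Type value.

    Raises BadMultipartBoundary if the media type is not multipart/*, the
    parameter is absent, or the value violates the RFC 2046 grammar/length.
    """
    media_type, _, params = content_type.partition(";")
    if not media_type.strip().lower().startswith("multipart/"):
        raise BadMultipartBoundary("not a multipart media type")
    boundary = None
    for param in params.split(";"):
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "boundary":
            boundary = value.strip()
            # Quoted values are allowed (needed when the boundary has spaces).
            if len(boundary) >= 2 and boundary[0] == '"' and boundary[-1] == '"':
                boundary = boundary[1:-1]
    if boundary is None:
        raise BadMultipartBoundary("missing boundary parameter")
    if len(boundary) > MAX_BOUNDARY_LEN:
        raise BadMultipartBoundary(
            f"boundary too long ({len(boundary)} > {MAX_BOUNDARY_LEN})")
    if not _BCHARS.fullmatch(boundary) or boundary.endswith(" "):
        raise BadMultipartBoundary("boundary contains illegal characters")
    return boundary


def check_delimiter_lines(body: bytes, boundary: str) -> int:
    """Walk the body once and count delimiter lines.

    A line that starts with the dash-boundary but carries extra bytes beyond
    the optional closing "--" and trailing whitespace is rejected, so padded
    delimiters never reach the part parser. Returns the delimiter count.
    """
    delimiter = b"--" + boundary.encode("ascii")
    count = 0
    for line in body.split(b"\n"):
        line = line.rstrip(b"\r\t ")
        if not line.startswith(delimiter):
            continue
        if line not in (delimiter, delimiter + b"--"):
            raise BadMultipartBoundary(
                "junk appended to delimiter line: %d bytes" % len(line))
        count += 1
    return count


# Constructed sample input: a browser-style boundary and a one-part upload.
BOUNDARY = "----WebKitFormBoundary7MA4YWxkTrZu0gW"


def _build_body(boundary: str, junk: bytes = b"") -> bytes:
    """Build a minimal multipart/form-data body; `junk` is appended to the
    closing delimiter to mimic the padding attack."""
    d = b"--" + boundary.encode("ascii")
    return b"\r\n".join([
        d,
        b'Content-Disposition: form-data; name="file"; filename="a.wav"',
        b"Content-Type: audio/wav",
        b"",
        b"RIFF....WAVEfmt ",
        d + b"--" + junk,
        b"",
    ])


GOOD_BODY = _build_body(BOUNDARY)
BAD_BODY = _build_body(BOUNDARY, b"A" * 100_000)  # padded closing delimiter


if __name__ == "__main__":
    print(extract_boundary("multipart/form-data; boundary=" + BOUNDARY))
    print(check_delimiter_lines(GOOD_BODY, BOUNDARY))
    try:
        check_delimiter_lines(BAD_BODY, BOUNDARY)
    except BadMultipartBoundary as exc:
        print("rejected:", exc)
```

Both checks are cheap and run before the expensive per-part processing. The header check is the one that matters most, since a parser that derives its delimiter from an unbounded header value has already lost; the body walk is a second layer for parsers that tolerate trailing bytes on a delimiter line. Neither check replaces CSRF protection on the upload endpoint, which the entry lists as the other contributing weakness.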
CVE-2024-38365 – btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
https://notcve.org/view.php?id=CVE-2024-38365
This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). • https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184 https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5 https://github.com/btcsuite/btcd/releases/tag/v0.24.2 https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8 • CWE-670: Always-Incorrect Control Flow Implementation •
CVE-2024-47506 – Junos OS: SRX Series: A large amount of traffic being processed by ATP Cloud can lead to a PFE crash
https://notcve.org/view.php?id=CVE-2024-47506
A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. • https://supportportal.juniper.net/JSA88137 • CWE-833: Deadlock •