CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47187 – Suricata datasets: missing hashtable random seed leads to potential DoS
https://notcve.org/view.php?id=CVE-2024-47187
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. • https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p https://redmine.openinfosecfoundation.org/issues/7209 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47188 – Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS
https://notcve.org/view.php?id=CVE-2024-47188
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. • https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872 https://redmine.openinfosecfoundation.org/issues/7289 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-8038
https://notcve.org/view.php?id=CVE-2024-8038
This enables denial of service attacks. • https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq https://www.cve.org/CVERecord?id=CVE-2024-8038 • CWE-420: Unprotected Alternate Channel •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35293 – Schneider Elektronik Series 700 prone to missing authentication for critical reset function
https://notcve.org/view.php?id=CVE-2024-35293
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. • https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-1.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47609 – Remotely exploitable DoS in Tonic `<=v0.12.2`
https://notcve.org/view.php?id=CVE-2024-47609
When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. • https://github.com/hyperium/tonic/commit/a4472a86f3290e60c7c01348b7e6a8164d6e7e48 https://github.com/hyperium/tonic/issues/1897 https://github.com/hyperium/tonic/security/advisories/GHSA-4jwc-w2hc-78qv • CWE-755: Improper Handling of Exceptional Conditions •