CVE-2024-45795 – Suricata detect/datasets: reachable assertion with unimplemented rule option
https://notcve.org/view.php?id=CVE-2024-45795
Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. • https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g https://redmine.openinfosecfoundation.org/issues/7195 • CWE-617: Reachable Assertion •
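The CWE-617 pattern behind this entry, as an added illustration (constructed toy code, not Suricata's detect/datasets source): a rule-option parser that accepts a keyword it has no packet-time implementation for, so the gap is only noticed by an assert once a packet reaches the rule, which makes the crash attacker-triggerable. The hardened variant rejects the keyword when the rule is loaded and keeps the packet path fail-closed. The command names and the `DS_OP_*` enum are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy, not Suricata's code: the command keyword of a dataset
 * rule option selects what the engine does when a packet reaches the rule. */
typedef enum {
    DS_OP_NONE = 0,
    DS_OP_ISSET,     /* match if the value is in the set                */
    DS_OP_ISNOTSET,  /* match if the value is not in the set            */
    DS_OP_SET,       /* add the value to the set, always match          */
    DS_OP_UNSET      /* accepted by name, never implemented (hypothetical) */
} DatasetOp;

/* Vulnerable pattern: rule load accepts every keyword it knows the name of,
 * including one with no packet-time implementation. */
static int parse_dataset_cmd_vulnerable(const char *cmd, DatasetOp *op)
{
    if (strcmp(cmd, "isset") == 0)    { *op = DS_OP_ISSET;    return 0; }
    if (strcmp(cmd, "isnotset") == 0) { *op = DS_OP_ISNOTSET; return 0; }
    if (strcmp(cmd, "set") == 0)      { *op = DS_OP_SET;      return 0; }
    if (strcmp(cmd, "unset") == 0)    { *op = DS_OP_UNSET;    return 0; }
    return -1;
}

/* The assert is where the gap surfaces, on the packet path: with an "unset"
 * rule loaded, the first packet that reaches it aborts the whole engine. */
static int dataset_match_vulnerable(DatasetOp op, int value_in_set, int *added)
{
    *added = 0;
    switch (op) {
    case DS_OP_ISSET:    return value_in_set;
    case DS_OP_ISNOTSET: return !value_in_set;
    case DS_OP_SET:      *added = !value_in_set; return 1;
    default:
        assert(0 && "dataset command not implemented");   /* CWE-617 */
        return 0;
    }
}

/* Hardened pattern: unimplemented or unknown commands fail rule load, so the
 * packet path only ever sees implemented commands. */
static int parse_dataset_cmd(const char *cmd, DatasetOp *op)
{
    if (strcmp(cmd, "isset") == 0)    { *op = DS_OP_ISSET;    return 0; }
    if (strcmp(cmd, "isnotset") == 0) { *op = DS_OP_ISNOTSET; return 0; }
    if (strcmp(cmd, "set") == 0)      { *op = DS_OP_SET;      return 0; }
    *op = DS_OP_NONE;
    return -1;   /* "unset" and anything unknown: this rule is rejected, the engine keeps running */
}

/* Even if a bad op slipped through, the packet path reports no match
 * instead of aborting. */
static int dataset_match(DatasetOp op, int value_in_set, int *added)
{
    *added = 0;
    switch (op) {
    case DS_OP_ISSET:    return value_in_set;
    case DS_OP_ISNOTSET: return !value_in_set;
    case DS_OP_SET:      *added = !value_in_set; return 1;
    default:             return 0;   /* fail closed, never assert on traffic */
    }
}

int main(void)
{
    const char *cmds[] = { "isset", "set", "unset", "bogus" };
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++) {
        DatasetOp op;
        int added, rc = parse_dataset_cmd(cmds[i], &op);
        printf("%-8s load=%s", cmds[i], rc == 0 ? "ok      " : "rejected");
        if (rc == 0)
            printf(" match(value absent)=%d added=%d", dataset_match(op, 0, &added), added);
        printf("\n");
    }
    return 0;
}
```

The practitioner's check is the split between the two parsers: anything a rule can name must either be fully implemented on the packet path or be refused at load time; an `assert` on the packet path is a remote kill switch.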
CVE-2024-47187 – Suricata datasets: missing hashtable random seed leads to potential DoS
https://notcve.org/view.php?id=CVE-2024-47187
Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. • https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p https://redmine.openinfosecfoundation.org/issues/7209 • CWE-330: Use of Insufficiently Random Values •
CVE-2024-47188 – Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS
https://notcve.org/view.php?id=CVE-2024-47188
Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. • https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872 https://redmine.openinfosecfoundation.org/issues/7289 • CWE-330: Use of Insufficiently Random Values •
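The CWE-330 mechanism shared by the two thash entries above (datasets and byte-range tracking), as an added worked example that is not Suricata's thash implementation: a constructed seeded hash table where the seed is left at zero. An attacker who knows the hash and the seed precomputes keys that all land in one bucket and then makes the sensor insert them, so every lookup walks one long chain; the same keys spread out again once the table is seeded from the OS CSPRNG. The hash function (FNV-1a plus a murmur3-style finaliser), the 1024-bucket size, the 32-bit keys and the `/dev/urandom` read are all assumptions of this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 1024u

/* Constructed toy hash, not Suricata's thash: FNV-1a over the key bytes with
 * the seed folded into the initial state, then a murmur3-style finaliser so
 * every input bit influences the low bits used for the bucket index. */
static uint32_t hash_key(const uint8_t *key, size_t len, uint32_t seed)
{
    uint32_t h = 2166136261u ^ seed;
    for (size_t i = 0; i < len; i++) {
        h ^= key[i];
        h *= 16777619u;
    }
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

/* Keys are 32-bit values (think IPv4 addresses or a range offset). */
static uint32_t bucket_of(uint32_t key, uint32_t seed)
{
    uint8_t bytes[4];
    memcpy(bytes, &key, sizeof bytes);
    return hash_key(bytes, sizeof bytes, seed) % NBUCKETS;
}

/* Attacker side. With the seed never initialised (zero), the bucket index is a
 * pure function of the key, so colliding keys are found offline by brute force
 * and then simply sent on the wire. */
static size_t forge_colliding_keys(uint32_t known_seed, uint32_t target_bucket,
                                   uint32_t *out, size_t want)
{
    size_t found = 0;
    for (uint32_t c = 0; found < want && c != UINT32_MAX; c++)
        if (bucket_of(c, known_seed) == target_bucket)
            out[found++] = c;
    return found;
}

/* Defender side: the longest chain after inserting the keys, i.e. how many
 * entries one lookup may have to compare against. */
static size_t max_chain_len(const uint32_t *keys, size_t n, uint32_t seed)
{
    size_t counts[NBUCKETS] = {0}, max = 0;
    for (size_t i = 0; i < n; i++) {
        size_t b = bucket_of(keys[i], seed);
        if (++counts[b] > max) max = counts[b];
    }
    return max;
}

/* The fix in spirit: seed once at startup from the OS CSPRNG. /dev/urandom is
 * assumed to exist here; in production use getrandom(2) or the platform
 * equivalent, and never a constant or a time-based seed. */
static uint32_t random_seed(void)
{
    uint32_t seed = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) {
        if (fread(&seed, sizeof seed, 1, f) != 1) seed = 0;
        fclose(f);
    }
    return seed;
}

int main(void)
{
    enum { N = 2000 };
    static uint32_t keys[N];
    size_t n = forge_colliding_keys(0, 7, keys, N);   /* seed 0: the unseeded table */
    printf("forged %zu keys that hash to bucket 7 under seed 0\n", n);
    printf("unseeded table, longest chain: %zu\n", max_chain_len(keys, n, 0));
    printf("seeded table,   longest chain: %zu\n", max_chain_len(keys, n, random_seed()));
    return 0;
}
```

Two things to verify in any deployment built on such a table: that the seed is actually set before the first insert (a declared-but-never-initialised seed is exactly the bug class here), and that the seed cannot be recovered from observable behaviour, since a leaked seed puts the attacker back in the unseeded case.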
CVE-2024-8038
https://notcve.org/view.php?id=CVE-2024-8038
This enables denial of service attacks. • https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq https://www.cve.org/CVERecord?id=CVE-2024-8038 • CWE-420: Unprotected Alternate Channel •
CVE-2024-35293 – Schneider Elektronik Series 700 prone to missing authentication for critical reset function
https://notcve.org/view.php?id=CVE-2024-35293
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. • https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-1.pdf • CWE-306: Missing Authentication for Critical Function •