CVE-2024-54682 – Zipbomb DoS via Missing Slack Import Validation
https://notcve.org/view.php?id=CVE-2024-54682
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for Slack import file uploads, which allows a user to cause a DoS via a zip bomb by importing data into a team in which they are a team admin.
References: https://mattermost.com/security-updates
Weakness: CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2024-54083 – DoS via lack of type validation in Calls
https://notcve.org/view.php?id=CVE-2024-54083
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps, which allows a user to cause a client-side (webapp and mobile) DoS for users of particular channels by sending a specially crafted post.
References: https://mattermost.com/security-updates
Weakness: CWE-1287: Improper Validation of Specified Type of Input
CVE-2024-12601 – Calculated Fields Form <= 5.2.63 - Denial of Service
https://notcve.org/view.php?id=CVE-2024-12601
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. ... This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in the slowing of server resources if the server does not mitigate Denial of Service attacks.
References: https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L74 https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L75 https://plugins.trac.wordpress.org/changeset/3207826 https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve
Weakness: CWE-400: Uncontrolled Resource Consumption
CVE-2024-56072
https://notcve.org/view.php?id=CVE-2024-56072
The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples.
References: https://github.com/pavel-odintsov/fastnetmon/commit/5164a29603fff9dd445b7660a35090989f005000 https://github.com/pavel-odintsov/fastnetmon/commit/65c40ee92dd5bcad1ab52cbafa1afd62cf669e48
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-56073
https://notcve.org/view.php?id=CVE-2024-56073
Zero-length templates for NetFlow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).
References: https://cwe.mitre.org/data/definitions/369.html https://github.com/pavel-odintsov/fastnetmon/commit/a36718525e08ad0f2a809363001bf105efc5fe1c
Weakness: CWE-369: Divide By Zero