CVE-2024-47003 – DoS via non-string message using permalink embed
https://notcve.org/view.php?id=CVE-2024-47003
Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-0132
https://notcve.org/view.php?id=CVE-2024-0132
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. ... A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5582 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-8405 – Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack
https://notcve.org/view.php?id=CVE-2024-8405
This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the pc-web-print service. By creating a junction, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-20434
https://notcve.org/view.php?id=CVE-2024-20434
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. ... A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. ... A reload of the device is required to restore control plane services. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vlan-dos-27Pur5RT • CWE-190: Integer Overflow or Wraparound •
CVE-2024-20467
https://notcve.org/view.php?id=CVE-2024-20467
A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a. • https://github.com/saler-cve/PoC-Exploit-CVE-2024-20467 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO • CWE-399: Resource Management Errors •