Total
3345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5052 | 2024-11-21 | 7.5 High | ||
| Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. | ||||
| CVE-2024-5013 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 7.5 High |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. | ||||
| CVE-2024-4599 | 2024-11-21 | 7.5 High | ||
| Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. | ||||
| CVE-2024-4557 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai pipeline. | ||||
| CVE-2024-4068 | 2 Micromatch, Redhat | 7 Braces, Acm, Jboss Enterprise Application Platform and 4 more | 2024-11-21 | 7.5 High |
| The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash. | ||||
| CVE-2024-47850 | 2 Cups, Redhat | 7 Cups, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 7.5 High |
| CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) | ||||
| CVE-2024-41818 | 3 Fast-xml-parser Project, Naturalintelligence, Redhat | 4 Fast-xml-parser, Fast Xml Parser, Container Native Virtualization and 1 more | 2024-11-21 | 7.5 High |
| fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. | ||||
| CVE-2024-3651 | 2 Kjd, Redhat | 8 Internationalized Domain Names In Applications, Ansible Automation Platform, Enterprise Linux and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. | ||||
| CVE-2024-3297 | 1 Csa-iot | 1 Matter | 2024-11-21 | 6.5 Medium |
| An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled. | ||||
| CVE-2024-3153 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | 6.5 Medium |
| mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request. | ||||
| CVE-2024-39693 | 1 Vercel | 1 Next.js | 2024-11-21 | 7.5 High |
| Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later. | ||||
| CVE-2024-39551 | 1 Juniper | 1 Junos Os | 2024-11-21 | 7.5 High |
| An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2. | ||||
| CVE-2024-39548 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 7.5 High |
| An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted. This issue affects both IPv4 and IPv6. Changes in memory usage can be monitored using the following CLI command: user@device> show system memory node <fpc slot> | grep evo-aftmann This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-S5-EVO, * 21.4 versions before 21.4R3-S5-EVO, * 22.1 versions before 22.1R3-S4-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO, * 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO. | ||||
| CVE-2024-38809 | 2 Redhat, Vmware | 2 Apache Camel Spring Boot, Spring Framework | 2024-11-21 | 5.3 Medium |
| Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter. | ||||
| CVE-2024-38520 | 2024-11-21 | 5.3 Medium | ||
| SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185. | ||||
| CVE-2024-38360 | 2024-11-21 | 4.9 Medium | ||
| Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console. | ||||
| CVE-2024-37904 | 2024-11-21 | 5.7 Medium | ||
| Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the `github.com/go-git/go-git/v5` library on lines `L55-L89`. The Git provider does the following on the lines `L56-L62`. First, it sets the `CloneOptions`, specifying the url, the depth etc. It then validates the options. It then sets up an in-memory filesystem, to which it clones and Finally, it clones the repository. The `(g *Git) Clone()` method is vulnerable to a DoS attack: A Minder user can instruct Minder to clone a large repository which will exhaust memory and crash the Minder server. The root cause of this vulnerability is a combination of the following conditions: 1. Users can control the Git URL which Minder clones, 2. Minder does not enforce a size limit to the repository, 3. Minder clones the entire repository into memory. This issue has been addressed in commit `7979b43` which has been included in release version v0.0.52. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-37890 | 2 Redhat, Websockets | 3 Openshift Data Foundation, Rhdh, Ws | 2024-11-21 | 7.5 High |
| ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and [email protected] (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied. | ||||
| CVE-2024-37535 | 2024-11-21 | 4.4 Medium | ||
| GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. | ||||
| CVE-2024-37299 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.9 Medium |
| Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. | ||||