
CVSS: 6.0 • EPSS: 0% • CPEs: - • EXPL: 0

A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check the length of the data, which can lead to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27360 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.1 • EPSS: 0% • CPEs: - • EXPL: 0

A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, and Exynos 2400 that involves a time-of-check to time-of-use (TOCTOU) race condition, which can lead to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27361 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 0

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. • https://access.redhat.com/errata/RHSA-2024:4392 https://access.redhat.com/security/cve/CVE-2024-3653 https://bugzilla.redhat.com/show_bug.cgi?id=2274437 https://access.redhat.com/errata/RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:6437 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

This results in uncontrolled resource consumption, leaving the server side open to a denial-of-service attack. • https://access.redhat.com/errata/RHSA-2024:4392 https://access.redhat.com/security/cve/CVE-2024-5971 https://bugzilla.redhat.com/show_bug.cgi?id=2292211 https://access.redhat.com/errata/RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:6508 https://access.redhat.com/er • CWE-674: Uncontrolled Recursion •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. • https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •