CVE-2024-27360
https://notcve.org/view.php?id=CVE-2024-27360
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930, which do not properly check the length of the data; this can lead to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27360 • CWE-1284: Improper Validation of Specified Quantity in Input
CVE-2024-29153
https://notcve.org/view.php?id=CVE-2024-29153
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves incorrect authorization of LTE NAS messages and leads to downgrading to lower network generations and repeated DDOS. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-29153 • CWE-400: Uncontrolled Resource Consumption
CVE-2024-31957
https://notcve.org/view.php?id=CVE-2024-31957
A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400, which lack a validation check for native handles; this can result in a DoS (Denial of Service) attack by unmapping an invalid length. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957
CVE-2024-36676
https://notcve.org/view.php?id=CVE-2024-36676
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public-facing forms. • https://github.com/BookStackApp/BookStack/issues/4993 https://github.com/BookStackApp/BookStack/releases/tag/v24.05.1 https://www.bookstackapp.com/blog/bookstack-release-v24-05-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-3653 – Undertow: LearningPushHandler can lead to remote memory DoS attacks
https://notcve.org/view.php?id=CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, while leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If that config is overridden, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. • https://access.redhat.com/errata/RHSA-2024:4392 https://access.redhat.com/security/cve/CVE-2024-3653 https://bugzilla.redhat.com/show_bug.cgi?id=2274437 https://access.redhat.com/errata/RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:6437 • CWE-401: Missing Release of Memory after Effective Lifetime