CVE-2024-36650
https://notcve.org/view.php?id=CVE-2024-36650
This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. • https://gist.github.com/Swind1er/f442fcac520a48c05c744c7b72362483 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-34406
https://notcve.org/view.php?id=CVE-2024-34406
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html https://www.mcafee.com/support/?page=shell&shell=article-view&articleId=000002403 •
CVE-2024-37168 – @grpc/grpc-js can allocate memory for incoming messages well above configured limits
https://notcve.org/view.php?id=CVE-2024-37168
Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: if an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory and is not discarded on the server. • https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650 https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3 https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86 • CWE-789: Memory Allocation with Excessive Size Value •
CVE-2024-27800
https://notcve.org/view.php?id=CVE-2024-27800
Processing a maliciously crafted message may lead to a denial-of-service. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214100 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214105 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214107 https://support.apple.com/en-us/HT214108 https://support.apple.com/kb/HT214100 https://support.apple.com/kb/HT214101 https:/ • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-27812
https://notcve.org/view.php?id=CVE-2024-27812
Processing web content may lead to a denial-of-service. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214108 https://support.apple.com/kb/HT214108 • CWE-400: Uncontrolled Resource Consumption •