CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2024-34953
https://notcve.org/view.php?id=CVE-2024-34953
An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file Un problema en taurusxin ncmdump v1.3.2 permite a los atacantes provocar una denegación de servicio (DoS) mediante el agotamiento de la memoria al proporcionar un archivo .ncm manipulado. • https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.assets/image-20240505161831080.png https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.md https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/poc/I7K9QM~F https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted/poc https://github.com/taurusxin/ncmdump/ • CWE-400: Uncontrolled Resource Consumption •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2024-34952
https://notcve.org/view.php?id=CVE-2024-34952
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file. ... Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo .ncm manipulado. • https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc https://github.com/taurusxin/ncmdump/issues&# •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-4323 – Fluent Bit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-4323
This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution. • https://github.com/d0rb/CVE-2024-4323 https://github.com/skilfoy/CVE-2024-4323-Exploit-POC https://github.com/yuansec/CVE-2024-4323-dos_poc https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04 https://tenable.com/security/research/tra-2024-17 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36007 – mlxsw: spectrum_acl_tcam: Fix warning during rehash
https://notcve.org/view.php?id=CVE-2024-36007
Debido a cómo se definen las dos estructuras, esto no genera símbolos KASAN, sino advertencias como [1]. • https://git.kernel.org/stable/c/6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596 https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952 https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573 https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916 https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861 https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36002 – dpll: fix dpll_pin_on_pin_register() for multiple parent pins
https://notcve.org/view.php?id=CVE-2024-36002
En este escenario, el pin se registró dos veces, por lo que aún no se espera que se liberen recursos hasta que se cancele el registro de cada pin/par de pines registrado. • https://git.kernel.org/stable/c/b27e32e9367dac024cd6f61f22655714f483fd67 https://git.kernel.org/stable/c/769324eb35143462542cdb15483cdaf4877bf661 https://git.kernel.org/stable/c/f3e1cf62d18220a3aa97e084e7a3552debece9fc https://git.kernel.org/stable/c/38d7b94e81d068b8d8c8392f421cfd2c3bbfd1a6 •