CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2024-29857 – org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
https://notcve.org/view.php?id=CVE-2024-29857
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters. Se descubrió un problema en ECCurve.java y ECCurve.cs en Bouncy Castle Java (BC Java) antes de 1.78, BC Java LTS antes de 2.73.6, BC-FJA antes de 1.0.2.5 y BC C# .Net antes de 2.3.1. La importación de un certificado CE con parámetros F2m modificados puede provocar un consumo excesivo de CPU durante la evaluación de los parámetros de la curva. A vulnerability was found in Bouncy Castle. • https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857 https://www.bouncycastle.org/latest_releases.html https://access.redhat.com/security/cve/CVE-2024-29857 https://bugzilla.redhat.com/show_bug.cgi?id=2293028 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-29513
https://notcve.org/view.php?id=CVE-2024-29513
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. • https://github.com/dru1d-foofus/briscKernelDriver • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2024-29166
https://notcve.org/view.php?id=CVE-2024-29166
HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 •
CVSS: 7.4EPSS: %CPEs: -EXPL: 0CVE-2024-29165
https://notcve.org/view.php?id=CVE-2024-29165
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2024-29164
https://notcve.org/view.php?id=CVE-2024-29164
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-121: Stack-based Buffer Overflow •