CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4854 – Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
https://notcve.org/view.php?id=CVE-2024-4854
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file Los bucles infinitos de disección TLV de MONGO y ZigBee en Wireshark 4.2.0 a 4.2.4, 4.0.0 a 4.0.14 y 3.6.0 a 3.6.22 permiten la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19726 https://gitlab.com/wireshark/wireshark/-/merge_requests/15047 https://gitlab.com/wireshark/wireshark/-/merge_requests/15499 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ https://www.wireshark.org/security/wnpa-sec-2024-07.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4853 – Mismatched Memory Management Routines in editcap
https://notcve.org/view.php?id=CVE-2024-4853
Memory handling issue in editcap could cause denial of service via crafted capture file Un problema de manejo de memoria en editcap podría causar denegación de servicio a través de un archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19724 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ https://www.wireshark.org/security/wnpa-sec-2024-08.html • CWE-762: Mismatched Memory Management Routines •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-23576 – HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23576
Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112907 • CWE-285: Improper Authorization •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-30259 – FastDDS heap buffer overflow when publisher sends malformed packet
https://notcve.org/view.php?id=CVE-2024-30259
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ... This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. ... Esto puede bloquear de forma remota cualquier proceso Fast-DDS, lo que podría provocar un ataque de DOS. Las versiones 2.14.1, 2.13.5, 2.10.4 y 2.6.8 contienen un parche para el problema. • https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662 https://vimeo.com/907641887?share=copy • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-30258 – FastDDS crash when publisher send malformed packet
https://notcve.org/view.php?id=CVE-2024-30258
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ... This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. ... Esto puede bloquear de forma remota cualquier proceso Fast-DDS, lo que podría provocar un ataque de DOS. Las versiones 2.14.1, 2.13.5, 2.10.4 y 2.6.8 contienen un parche para el problema. • https://drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/view?usp=sharing https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh • CWE-20: Improper Input Validation •