CVE-2024-39526 – Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11/LC9600, MX304, EX9200, PTX Series: Receipt of malformed DHCP packets causes interfaces to stop processing packets
https://notcve.org/view.php?id=CVE-2024-39526
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only occurs if DHCP snooping is enabled. • https://supportportal.juniper.net/JSA88103 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2024-45396 – Quicly assertion failures
https://notcve.org/view.php?id=CVE-2024-45396
Quicly up to commtit d720707 is susceptible to a denial-of-service attack. • https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p • CWE-617: Reachable Assertion •
CVE-2024-45403 – H2O assertion failure when HTTP/3 requests are cancelled
https://notcve.org/view.php?id=CVE-2024-45403
The crash can be exploited by an attacker to mount a Denial-of-Service attack. • https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562 https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92 https://h2o.examp1e.net/configure/http3_directives.html • CWE-617: Reachable Assertion •
CVE-2024-6657 – BLE peripheral DoS after few cycles of connect/disconnects
https://notcve.org/view.php?id=CVE-2024-6657
A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000E9IIbIAN?operationContext=S1 • CWE-821: Incorrect Synchronization •
CVE-2024-45315 – SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-45315
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. ... An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the host system. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •