CVE-2024-46424
https://notcve.org/view.php?id=CVE-2024-46424
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. • https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/UploadCustomModule.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-8280
https://notcve.org/view.php?id=CVE-2024-8280
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-43759 – Illustrator | NULL Pointer Dereference (CWE-476)
https://notcve.org/view.php?id=CVE-2024-43759
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. ... • https://helpx.adobe.com/security/products/illustrator/apsb24-66.html • CWE-476: NULL Pointer Dereference •
CVE-2024-8751 – Vulnerability in SICK MSC800
https://notcve.org/view.php?id=CVE-2024-8751
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to versions V4.26 and S2.93.20 respectively, which fix this issue. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2024 • CWE-306: Missing Authentication for Critical Function •
CVE-2024-6077 – Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP
https://notcve.org/view.php?id=CVE-2024-6077
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html • CWE-20: Improper Input Validation •