CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-34646
https://notcve.org/view.php?id=CVE-2024-34646
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44808
https://notcve.org/view.php?id=CVE-2024-44808
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. • https://github.com/Vypor/Vypors-Attack-API-System https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-45692
https://notcve.org/view.php?id=CVE-2024-45692
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. • https://cispa.de/en/loop-dos https://webmin.com https://www.openwall.com/lists/oss-security/2024/09/04/1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-45506
https://notcve.org/view.php?id=CVE-2024-45506
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service. HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024. • http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f https://www.haproxy.org https://www.haproxy.org/download/3.1/src/CHANGELOG https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6119 – Possible denial of service in X.509 name checks
https://notcve.org/view.php?id=CVE-2024-6119
., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. ... Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. • https://openssl-library.org/news/secadv/20240903.txt https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0 https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2 https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6 https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •