CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47599 – GHSL-2024-247: GStreamer Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences
https://notcve.org/view.php?id=CVE-2024-47599
This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch https://gstreamer.freedesktop.org/security/sa-2024-0016.html https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47542 – GHSL-2024-235: GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference
https://notcve.org/view.php?id=CVE-2024-47542
This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch https://gstreamer.freedesktop.org/security/sa-2024-0008.html https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-37401
https://notcve.org/view.php?id=CVE-2024-37401
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-37377
https://notcve.org/view.php?id=CVE-2024-37377
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11737
https://notcve.org/view.php?id=CVE-2024-11737
CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-03.pdf • CWE-20: Improper Input Validation •