CVE-2024-8250 – Expired Pointer Dereference in Wireshark
https://notcve.org/view.php?id=CVE-2024-8250
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19943 https://www.wireshark.org/security/wnpa-sec-2024-11.html • CWE-825: Expired Pointer Dereference •
CVE-2024-20446 – Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20446
A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. ... A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn • CWE-476: NULL Pointer Dereference •
CVE-2023-43078
https://notcve.org/view.php?id=CVE-2023-43078
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service. • https://www.dell.com/support/kbdoc/en-us/000217981/dsa-2023-362-security-update-for-dell-dock-firmware-and-dell-client-platform-for-an-improper-link-resolution-vulnerability • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-34195
https://notcve.org/view.php?id=CVE-2024-34195
In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. ... For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks. • https://gist.github.com/Swind1er/84161b607d06d060fba5adcdd92bceb4 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-34198
https://notcve.org/view.php?id=CVE-2024-34198
The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. ... This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. • https://gist.github.com/Swind1er/02f6cb414e440c34878f20fef756e286 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •