CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33657 – Smm Callout in SmmComputrace Module
https://notcve.org/view.php?id=CVE-2024-33657
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43410 – Russh has an OOM Denial of Service due to allocation of untrusted amount
https://notcve.org/view.php?id=CVE-2024-43410
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. • https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23185 – dovecot: very large headers can cause resource exhaustion when parsing message
https://notcve.org/view.php?id=CVE-2024-23185
So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). • https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json https://access.redhat.com/security/cve/CVE-2024-23185 https://bugzilla.redhat.com/show_bug.cgi?id=2305910 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2023-29929
https://notcve.org/view.php?id=CVE-2023-29929
Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library. • https://github.com/YSaxon/CVE-2023-29929 http://kemptechnologies.com http://loadmaster.com • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25009 – Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-25009
Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-packet-core-controller-pcc-august-2024 • CWE-20: Improper Input Validation •