CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33657 – Smm Callout in SmmComputrace Module
https://notcve.org/view.php?id=CVE-2024-33657
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43410 – Russh has an OOM Denial of Service due to allocation of untrusted amount
https://notcve.org/view.php?id=CVE-2024-43410
Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. • https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23185 – dovecot: very large headers can cause resource exhaustion when parsing message
https://notcve.org/view.php?id=CVE-2024-23185
The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. ... So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). ... The message-parser normally reads reasonably sized chunks of the message. • https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json https://access.redhat.com/security/cve/CVE-2024-23185 https://bugzilla.redhat.com/show_bug.cgi?id=2305910 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2023-29929
https://notcve.org/view.php?id=CVE-2023-29929
Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library. • https://github.com/YSaxon/CVE-2023-29929 http://kemptechnologies.com http://loadmaster.com • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25009 – Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-25009
Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-packet-core-controller-pcc-august-2024 • CWE-20: Improper Input Validation •