CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48918 – iwlwifi: mvm: check debugfs_dir ptr before use
https://notcve.org/view.php?id=CVE-2022-48918
22 Aug 2024 — [change to make both conditional] A denial of service vulnerability was found in the Linux kernel. • https://git.kernel.org/stable/c/8c082a99edb997d7999eb7cdb648e47a2bf4a638 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48905 – ibmvnic: free reset-work-item when flushing
https://notcve.org/view.php?id=CVE-2022-48905
22 Aug 2024 — Over time, this can lead to memory exhaustion, especially in systems already resource-constrained or under heavy load, resulting in a possible denial of service (DoS) condition. • https://git.kernel.org/stable/c/2770a7984db588913e11a6dfcfe3461dbba9b7b2 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-45163
https://notcve.org/view.php?id=CVE-2024-45163
22 Aug 2024 — The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data. • https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45166
https://notcve.org/view.php?id=CVE-2024-45166
22 Aug 2024 — Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45167
https://notcve.org/view.php?id=CVE-2024-45167
22 Aug 2024 — Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45169
https://notcve.org/view.php?id=CVE-2024-45169
22 Aug 2024 — Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence. • http://download.uci.de/idol2/idol2Client_2_12.exe • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20375
https://notcve.org/view.php?id=CVE-2024-20375
21 Aug 2024 — A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. ... A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communication... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-kkHq43We • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33657 – Smm Callout in SmmComputrace Module
https://notcve.org/view.php?id=CVE-2024-33657
21 Aug 2024 — This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43410 – Russh has an OOM Denial of Service due to allocation of untrusted amount
https://notcve.org/view.php?id=CVE-2024-43410
21 Aug 2024 — Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memor... • https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23185 – dovecot: very large headers can cause resource exhaustion when parsing message
https://notcve.org/view.php?id=CVE-2024-23185
21 Aug 2024 — So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). • https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json • CWE-770: Allocation of Resources Without Limits or Throttling •