CVE-2024-2551 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2024-2551
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. • https://security.paloaltonetworks.com/CVE-2024-2551 • CWE-476: NULL Pointer Dereference
CVE-2024-9472 – PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
https://notcve.org/view.php?id=CVE-2024-9472
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:
* 10.2.7-h12
* 10.2.8-h10
* 10.2.9-h9
* 10.2.9-h11
* 10.2.10-h2
* 10.2.10-h3
* 10.2.11
* 10.2.11-h1
* 10.2.11-h2
* 10.2.11-h3
* 11.1.2-h9
* 11.1.2-h12
* 11.1.3-h2
* 11.1.3-h4
* 11.1.3-h6
* 11.2.2
* 11.2.2-h1
• https://security.paloaltonetworks.com/CVE-2024-9472 • CWE-476: NULL Pointer Dereference
CVE-2024-41209
https://notcve.org/view.php?id=CVE-2024-41209
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. • https://github.com/justdan96/tsMuxer/issues/841 • https://ricercasecurity.blogspot.com/2024/10/rezzuf0-day-cve-2024-41209.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-41217
https://notcve.org/view.php?id=CVE-2024-41217
A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file. • https://github.com/justdan96/tsMuxer/issues/846 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-49776
https://notcve.org/view.php?id=CVE-2024-49776
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file. • https://github.com/justdan96/tsMuxer/issues/862 • CWE-131: Incorrect Calculation of Buffer Size