CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45167
https://notcve.org/view.php?id=CVE-2024-45167
Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe https://uci.de/download/idol2-client.html https://uci.de/products/index.html https://www.syss.de/en/responsible-disclosure-policy https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-051.txt • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20375
https://notcve.org/view.php?id=CVE-2024-20375
A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. ... A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-kkHq43We • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33657 – Smm Callout in SmmComputrace Module
https://notcve.org/view.php?id=CVE-2024-33657
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43410 – Russh has an OOM Denial of Service due to allocation of untrusted amount
https://notcve.org/view.php?id=CVE-2024-43410
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. • https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23185 – dovecot: very large headers can cause resource exhaustion when parsing message
https://notcve.org/view.php?id=CVE-2024-23185
So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). • https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json https://access.redhat.com/security/cve/CVE-2024-23185 https://bugzilla.redhat.com/show_bug.cgi?id=2305910 • CWE-770: Allocation of Resources Without Limits or Throttling •