CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-42934 – openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator
https://notcve.org/view.php?id=CVE-2024-42934
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. A flaw was found in the IPMI simulator (ipmi_sim) component of OpenIPMI. Due to a missing check in the authorization type on incoming LAN messages, an attacker may be able to trigger a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2308375 https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87 https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 https://access.redhat.com/security/cve/CVE-2024-42934 • CWE-862: Missing Authorization •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-32608
https://notcve.org/view.php?id=CVE-2024-32608
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-46292
https://notcve.org/view.php?id=CVE-2024-46292
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. ... Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue). • https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/README.md https://github.com/yoloflz101/yoloflz/blob/main/README.md https://modsecurity.org/20241011/about-cve-2024-46292-2024-october • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-46304
https://notcve.org/view.php?id=CVE-2024-46304
A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. • https://github.com/obgm/libcoap/issues/1509 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-45872
https://notcve.org/view.php?id=CVE-2023-45872
When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document. • https://bugzilla.redhat.com/show_bug.cgi?id=2246067 https://qt.io •