CVE-2024-8454 – PLANET Technology switch devices - Swctrl service DoS attack
https://notcve.org/view.php?id=CVE-2024-8454
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service. • https://www.twcert.org.tw/tw/cp-132-8057-1b3fa-1.html https://www.twcert.org.tw/en/cp-139-8058-cc391-2.html • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVE-2024-8451 – PLANET Technology switch devices - SSH server DoS attack
https://notcve.org/view.php?id=CVE-2024-8451
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service. • https://www.twcert.org.tw/en/cp-139-8052-ac0ea-2.html https://www.twcert.org.tw/tw/cp-132-8051-5048e-1.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-400: Uncontrolled Resource Consumption •
CVE-2024-45200
https://notcve.org/view.php?id=CVE-2024-45200
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. ... This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library, • https://github.com/latte-soft/kartlanpwn https://hackerone.com/reports/2611669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6436 – Rockwell Automation Input Validation Vulnerability exists in the SequenceManager™ Server
https://notcve.org/view.php?id=CVE-2024-6436
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. ... Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1679.html • CWE-20: Improper Input Validation •
CVE-2024-38809 – org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
https://notcve.org/view.php?id=CVE-2024-38809
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to a DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter. ... Due to improper ETag prefix validation when the application parses ETags from the `If-Match` or `If-None-Match` request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP request. • https://spring.io/security/cve-2024-38809 https://access.redhat.com/security/cve/CVE-2024-38809 https://bugzilla.redhat.com/show_bug.cgi?id=2314495 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •