CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48848 – tracing/osnoise: Do not unregister events twice
https://notcve.org/view.php?id=CVE-2022-48848
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rastreo/osnoise: no cancelar el registro de eventos dos veces Nicolas informó que al usar: # trace-cmd record -e all -M 10 -p osnoise --poll resultó en la siguiente advertencia del kernel: ------------[ cortar aquí ]------------ ADVERTENCIA: CPU: 0 PID: 1217 en kernel/tracepoint.c:404 tracepoint_probe_unregister+0x280/0x370 [ ...] ... Para evitar cancelar el registro de eventos dos veces, use la variable trace_osnoise_callback_enabled existente para verificar si los eventos (y la carga de trabajo) están realmente activos antes de intentar desactivarlos. • https://git.kernel.org/stable/c/2fac8d6486d5c34e2ec7028580142b8209da3f92 https://git.kernel.org/stable/c/4e10787d18379d9b296290c2288097feddef16d4 https://git.kernel.org/stable/c/f0cfe17bcc1dd2f0872966b554a148e888833ee9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48793 – KVM: x86: nSVM: fix potential NULL derefernce on nested migration
https://notcve.org/view.php?id=CVE-2022-48793
This happens when the call to load the nested state is executed before Nested Page Tables (NPT) are enabled, preventing access to guest memory, lead to system instability and a denial of service during nested migration processes. • https://git.kernel.org/stable/c/232f75d3b4b5456de6f0b671aa86345d62de1473 https://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6 https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe https://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df https://access.redhat.com/security/cve/CVE-2022-48793 https://bugzilla.redhat.com/show_bug.cgi?id=2298129 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-3779 – Denial of Service in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-3779
Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. • https://support.eset.com/en/ca8688 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-40503
https://notcve.org/view.php?id=CVE-2024-40503
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. • https://gist.github.com/Mivik/8927ad100a638756e1fe214dd5fca5f9 • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40632 – Linkerd potential access to the shutdown endpoint
https://notcve.org/view.php?id=CVE-2024-40632
Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. ... En las versiones afectadas, cuando la aplicación que ejecuta Linkerd es susceptible a SSRF, un atacante podría desencadenar un ataque de denegación de servicio (DoS) al realizar solicitudes a localhost:4191/shutdown. • https://github.com/linkerd/linkerd2-proxy/blob/46957de49f25fd4661af7b7c52659148f4d6dd27/linkerd/app/admin/src/server.rs https://github.com/linkerd/linkerd2/commit/35fb2d6d11ef6520ae516dd717790529f85224fa https://github.com/linkerd/linkerd2/security/advisories/GHSA-6v94-gj6x-jqj7 • CWE-918: Server-Side Request Forgery (SSRF) •