CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20451
https://notcve.org/view.php?id=CVE-2024-20451
A successful exploit could allow the attacker to cause a DoS condition on the device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42241 – mm/shmem: disable PMD-sized page cache if needed
https://notcve.org/view.php?id=CVE-2024-42241
A denial of service vulnerability was found in the Linux Kernel. • https://git.kernel.org/stable/c/6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 https://git.kernel.org/stable/c/93893eacb372b0a4a30f7de6609b08c3ba6c4fd9 https://git.kernel.org/stable/c/cd25208ca9b0097f8e079d692fc678f36fdbc3f9 https://git.kernel.org/stable/c/9fd154ba926b34c833b7bfc4c14ee2e931b3d743 https://access.redhat.com/security/cve/CVE-2024-42241 https://bugzilla.redhat.com/show_bug.cgi?id=2303509 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42240 – x86/bhi: Avoid warning in #DB handler due to BHI mitigation
https://notcve.org/view.php?id=CVE-2024-42240
entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ] A denial of service vulnerability was found in the Linux kernel. • https://git.kernel.org/stable/c/bd53ec80f21839cfd4d852a6088279d602d67e5b https://git.kernel.org/stable/c/07dbb10f153f483e8249acebdffedf922e2ec2e1 https://git.kernel.org/stable/c/eb36b0dce2138581bc6b5e39d0273cb4c96ded81 https://git.kernel.org/stable/c/7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 https://git.kernel.org/stable/c/8f51637712e4da5be410a1666f8aee0d86eef898 https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84 https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364 https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c2 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42238 – firmware: cs_dsp: Return error if block header overflows file
https://notcve.org/view.php?id=CVE-2024-42238
A denial of service vulnerability was found in the Linux kernel. • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 https://git.kernel.org/stable/c/b8be70566b33abbd0180105070b4c67cfef8c44f https://git.kernel.org/stable/c/90ab191b7d181057d71234e8632e06b5844ac38e https://git.kernel.org/stable/c/6eabd23383805725eff416c203688b7a390d4153 https://git.kernel.org/stable/c/959fe01e85b7241e3ec305d657febbe82da16a02 https://access.redhat.com/security/cve/CVE-2024-42238 https://bugzilla.redhat.com/show_bug.cgi?id=2303506 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42062 – Apache CloudStack: User Key Exposure to Domain Admins
https://notcve.org/view.php?id=CVE-2024-42062
An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure. Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. • https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3 https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1 • CWE-863: Incorrect Authorization •