CVE-2024-31203
https://notcve.org/view.php?id=CVE-2024-31203
A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition on the target component. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31203 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-37281 – Kibana Denial of Service issue
https://notcve.org/view.php?id=CVE-2024-37281
An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint. • https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-37299 – Discourse vulnerable to DoS via Tag Group
https://notcve.org/view.php?id=CVE-2024-37299
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. • https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210 https://github.com/discourse/discourse/commit/76f06f6b1491db6bd09a4017d2c5591431b3b16e https://github.com/discourse/discourse/security/advisories/GHSA-4j6h-9pjp-5476 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-42101 – drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
https://notcve.org/view.php?id=CVE-2024-42101
The return value of the drm_mode_duplicate function is not checked in the nouveau_connector_get_modes function in the drivers/gpu/drm/nouveau/nouveau_connector.c file, possibly causing a NULL pointer dereference and resulting in a denial of service. • https://git.kernel.org/stable/c/6ee738610f41b59733f63718f0bdbcba7d3a3f12 https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07 https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9 https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16 • CWE-476: NULL Pointer Dereference •
CVE-2024-39012
https://notcve.org/view.php?id=CVE-2024-39012
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. ... • https://gist.github.com/mestrtee/acfbd724a4b73bfb5d030575b653453c • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •