CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48793 – KVM: x86: nSVM: fix potential NULL derefernce on nested migration
https://notcve.org/view.php?id=CVE-2022-48793
This happens when the call to load the nested state is executed before Nested Page Tables (NPT) are enabled, preventing access to guest memory, lead to system instability and a denial of service during nested migration processes. • https://git.kernel.org/stable/c/232f75d3b4b5456de6f0b671aa86345d62de1473 https://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6 https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe https://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df https://access.redhat.com/security/cve/CVE-2022-48793 https://bugzilla.redhat.com/show_bug.cgi?id=2298129 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-3779 – Denial of Service in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-3779
Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. • https://support.eset.com/en/ca8688 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-40503
https://notcve.org/view.php?id=CVE-2024-40503
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. • https://gist.github.com/Mivik/8927ad100a638756e1fe214dd5fca5f9 • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40632 – Linkerd potential access to the shutdown endpoint
https://notcve.org/view.php?id=CVE-2024-40632
In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. ... En las versiones afectadas, cuando la aplicación que ejecuta Linkerd es susceptible a SSRF, un atacante podría desencadenar un ataque de denegación de servicio (DoS) al realizar solicitudes a localhost:4191/shutdown. • https://github.com/linkerd/linkerd2-proxy/blob/46957de49f25fd4661af7b7c52659148f4d6dd27/linkerd/app/admin/src/server.rs https://github.com/linkerd/linkerd2/commit/35fb2d6d11ef6520ae516dd717790529f85224fa https://github.com/linkerd/linkerd2/security/advisories/GHSA-6v94-gj6x-jqj7 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38360 – Denial of service via Watched Words in Discourse
https://notcve.org/view.php?id=CVE-2024-38360
Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console. • https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990 https://github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2p • CWE-400: Uncontrolled Resource Consumption •