CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-48924 – MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
https://notcve.org/view.php?id=CVE-2024-48924
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability. ### Patches The following steps are required to mitigate this risk. 1. • https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/8e599af0798b45008f8b293a7f233e4878f11ed5 https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/f8d40b3ad0be01c6e56cb51ecea81f59d98c192d https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-4qm4-8hg2-g2xm • CWE-328: Use of Weak Hash •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47459 – Substance3D - Sampler | NULL Pointer Dereference (CWE-476)
https://notcve.org/view.php?id=CVE-2024-47459
Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. • https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6729 – Nokia SR OS: File Access Security Vulnerability
https://notcve.org/view.php?id=CVE-2023-6729
This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. • https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6729 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3187
https://notcve.org/view.php?id=CVE-2024-3187
This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent. Este problema se debe a dos vulnerabilidades CWE-416 de Use After Free (UAF) y una vulnerabilidad CWE-415 de doble liberación en las versiones de Goahead anteriores a la 6.0.0. ... Esto puede provocar una corrupción de la memoria, lo que puede provocar una denegación de servicio (DoS) o, en casos excepcionales, la ejecución de código, aunque esto último depende en gran medida del contexto. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3187 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3186
https://notcve.org/view.php?id=CVE-2024-3186
This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates. ... Esta vulnerabilidad permite que un atacante remoto con privilegios para modificar archivos de plantilla de JavaScript (JST) provoque un bloqueo y provoque una denegación de servicio (DoS) al proporcionar plantillas maliciosas. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3186 • CWE-476: NULL Pointer Dereference •