
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. ... Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no impact at this time other than on the availability of a service, as the result is always a crash and nothing more. ... All versions of Wasmtime which have tail calls enabled by default have been patched:

* 21.0.x - patched in 21.0.2
* 22.0.x - patched in 22.0.1
* 23.0.x - patched in 23.0.3
* 24.0.x - patched in 24.0.1
* 25.0.x - patched in 25.0.2

... These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime.

• https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call
• https://github.com/WebAssembly/proposals
• https://github.com/bytecodealliance/wasmtime/pull/8540
• https://github.com/bytecodealliance/wasmtime/pull/8682
• https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg
• https://github.com/webassembly/tail-call
• CWE-670: Always-Incorrect Control Flow Implementation

CVSS: 8.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. • https://security.paloaltonetworks.com/CVE-2024-9468 • CWE-787: Out-of-bounds Write •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. • https://docs.telerik.com/report-server/knowledge-base/uncontrolled-resource-consumption-cve-2024-7294 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.2 | EPSS: 0% | CPEs: - | EXPL: 0

In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 •

CVSS: 6.2 | EPSS: 0% | CPEs: - | EXPL: 0

In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 •