CVE-2024-37293 – aws-deployment-framework's potential risk can lead to privilege escalation
https://notcve.org/view.php?id=CVE-2024-37293
There are two versions of the bootstrap process: a code-change-driven pipeline that uses AWS CodeBuild and an event-driven state machine that uses AWS Lambda. • https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html https://github.com/awslabs/aws-deployment-framework/pull/732 https://github.com/awslabs/aws-deployment-framework/releases/tag/v4.0.0 https://github.com/awslabs/aws-deployment-framework/security/advisories/GHSA-mcj7-ppmv-h6jr • CWE-266: Incorrect Privilege Assignment •
CVE-2024-37294 – Aimeos denial of service vulnerability in SaaS and marketplace setups
https://notcve.org/view.php?id=CVE-2024-37294
All SaaS and marketplace setups using Aimeos versions from 2022/2023/2024 are affected by a potential denial of service attack. • https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p • CWE-270: Privilege Context Switching Error •
CVE-2024-2011
https://notcve.org/view.php?id=CVE-2024-2011
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that, if exploited, will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-122: Heap-based Buffer Overflow •
CVE-2024-35292
https://notcve.org/view.php?id=CVE-2024-35292
This leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-481506.html • CWE-330: Use of Insufficiently Random Values •
CVE-2023-50763
https://notcve.org/view.php?id=CVE-2023-50763
The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains. This could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers. • https://cert-portal.siemens.com/productcert/html/ssa-139628.html https://cert-portal.siemens.com/productcert/html/ssa-337522.html https://cert-portal.siemens.com/productcert/html/ssa-625862.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •