CVE-2024-50318 – Ivanti Avalanche WLAvalancheService TV_FP Null Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-50318
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default. ... An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •
CVE-2024-50317 – Ivanti Avalanche WLAvalancheService TV_FN Null Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-50317
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default. ... An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •
CVE-2024-50386 – Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
https://notcve.org/view.php?id=CVE-2024-50386
Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. ... "; qemu-img info -U $file | grep file: ; printf "\n\n"; done For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3 https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3 • CWE-20: Improper Input Validation •
CVE-2024-10717 – Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license
https://notcve.org/view.php?id=CVE-2024-10717
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. ... This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. • https://plugins.trac.wordpress.org/browser/styler-for-ninja-forms-lite/tags/3.3.4/admin-menu/licenses.php#L126 https://www.wordfence.com/threat-intel/vulnerabilities/id/a26da53c-4be0-4c9f-9caf-05f054a6d5e7?source=cve • CWE-862: Missing Authorization •
CVE-2024-50558
https://notcve.org/view.php?id=CVE-2024-50558
This could allow an attacker to cause a temporary denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-284: Improper Access Control •