Page 3 of 38295 results (0.009 seconds)

CVSS: 7.5EPSS: %CPEs: -EXPL: 0

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: %CPEs: -EXPL: 0

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •

CVSS: 8.5EPSS: %CPEs: 2EXPL: 0

Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3 https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: %CPEs: 1EXPL: 0

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. • CWE-862: Missing Authorization •

CVSS: 5.3EPSS: %CPEs: -EXPL: 0

This could allow an attacker to cause a temporary denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-284: Improper Access Control •