
CVSS: 8.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker who can register templates can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems, which could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned to verify that they are flat files that should not be using any additional or unnecessary features.
• https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3
• https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y
• https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3
• CWE-20: Improper Input Validation

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4.
• https://plugins.trac.wordpress.org/browser/styler-for-ninja-forms-lite/tags/3.3.4/admin-menu/licenses.php#L126
• https://www.wordfence.com/threat-intel/vulnerabilities/id/a26da53c-4be0-4c9f-9caf-05f054a6d5e7?source=cve
• CWE-862: Missing Authorization

CVSS: 5.3 | EPSS: 0% | CPEs: - | EXPL: 0

This could allow an attacker to cause a temporary denial of service condition.
• https://cert-portal.siemens.com/productcert/html/ssa-354112.html
• CWE-284: Improper Access Control

CVSS: 6.9 | EPSS: 0% | CPEs: - | EXPL: 0

This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.
• https://cert-portal.siemens.com/productcert/html/ssa-915275.html
• CWE-125: Out-of-bounds Read
• CWE-400: Uncontrolled Resource Consumption

CVSS: 4.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.
• https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')