CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50590 – Local Privilege Escalation via Weak Service Binary Permissions
https://notcve.org/view.php?id=CVE-2024-50590
Los atacantes con acceso local al equipo del consultorio médico pueden escalar sus privilegios de usuario de Windows a "NT AUTHORITY\SYSTEM" sobrescribiendo uno de los dos binarios de servicio de Elefant con permisos débiles. ... Además, el instalador de Elefant registra dos servicios de base de datos de Firebird que se ejecutan como "NT AUTHORITY\SYSTEM". • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-250: Execution with Unnecessary Privileges CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-21538
https://notcve.org/view.php?id=CVE-2024-21538
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. • https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f https://github.com/moxystudio/node-cross-spawn/pull/160 https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45759
https://notcve.org/view.php?id=CVE-2024-45759
Exploitation may lead to denial of service of system. • https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-27528
https://notcve.org/view.php?id=CVE-2024-27528
wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution. • https://gist.github.com/haruki3hhh/baa757c4af4fefb410d9c74d7a68152e https://github.com/wasm3/wasm3/issues/463 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-35410
https://notcve.org/view.php?id=CVE-2024-35410
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file. • https://gist.github.com/haruki3hhh/f686e1d517e8f5d1281b02e633129522 https://github.com/kanaka/wac/issues/17 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •