CVE-2024-38826 – CVE-2024-38826 Cloud Controller Denial of Service Attack
https://notcve.org/view.php?id=CVE-2024-38826
This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi release version to 1.194.0 or greater * Upgrade cf-deployment version to v44.1.0 or greater. • https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack •
CVE-2023-40457
https://notcve.org/view.php?id=CVE-2023-40457
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). • https://blog.benjojo.co.uk/asset/JgH8G5duO1 https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling https://supportdocs.extremenetworks.com/support/documentation/extremexos-32-5 •
CVE-2024-21994 – CVE-2024-21994 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21994
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. • https://security.netapp.com/advisory/ntap-20241108-0001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-50591 – Local Privilege Escalation via Command Injection
https://notcve.org/view.php?id=CVE-2024-50591
El Actualizador de software de Elefant (ESU) consta de dos componentes. • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-50590 – Local Privilege Escalation via Weak Service Binary Permissions
https://notcve.org/view.php?id=CVE-2024-50590
Los atacantes con acceso local al equipo del consultorio médico pueden escalar sus privilegios de usuario de Windows a "NT AUTHORITY\SYSTEM" sobrescribiendo uno de los dos binarios de servicio de Elefant con permisos débiles. ... Además, el instalador de Elefant registra dos servicios de base de datos de Firebird que se ejecutan como "NT AUTHORITY\SYSTEM". • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-250: Execution with Unnecessary Privileges CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •