CVE-2024-50318
https://notcve.org/view.php?id=CVE-2024-50318
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •
CVE-2024-50317
https://notcve.org/view.php?id=CVE-2024-50317
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •
CVE-2024-50386 – Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
https://notcve.org/view.php?id=CVE-2024-50386
Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3 https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3 • CWE-20: Improper Input Validation •
CVE-2024-10717 – Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license
https://notcve.org/view.php?id=CVE-2024-10717
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. • https://plugins.trac.wordpress.org/browser/styler-for-ninja-forms-lite/tags/3.3.4/admin-menu/licenses.php#L126 https://www.wordfence.com/threat-intel/vulnerabilities/id/a26da53c-4be0-4c9f-9caf-05f054a6d5e7?source=cve • CWE-862: Missing Authorization •
CVE-2024-50558
https://notcve.org/view.php?id=CVE-2024-50558
This could allow an attacker to cause a temporary denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-284: Improper Access Control •