CVE-2024-39018
https://notcve.org/view.php?id=CVE-2024-39018
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. ...
References: https://gist.github.com/mestrtee/be75c60307b2292884cc03cebd361f3f
Weakness: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-39015
https://notcve.org/view.php?id=CVE-2024-39015
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. ...
References: https://gist.github.com/mestrtee/7ab061d9eb901cc89652e7666ca3ef52
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-38992
https://notcve.org/view.php?id=CVE-2024-38992
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. ...
References: https://gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055
Weakness: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-34703 – Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters
https://notcve.org/view.php?id=CVE-2024-34703
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves either by an object identifier or by an explicit encoding of the curve parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation.
References: https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4
https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a
https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7
Weaknesses: CWE-405: Asymmetric Resource Consumption (Amplification); CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-5926 – Path Traversal in stitionai/devika
https://notcve.org/view.php?id=CVE-2024-5926
A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). This issue is present in all versions of the application. ... By setting 'project-name' to the root directory, an attacker can cause the application to attempt to read the entire filesystem, leading to a DoS condition.
References: https://huntr.com/bounties/19af24fe-9b90-4638-8fbc-b18def6985d7
Weakness: CWE-29: Path Traversal: '\..\filename'