CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-37039
https://notcve.org/view.php?id=CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-5560
https://notcve.org/view.php?id=CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34065 – @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
https://notcve.org/view.php?id=CVE-2024-34065
Al combinar dos vulnerabilidades (un `Open Redirect` y un `token de sesión enviado como parámetro de consulta de URL`) en @strapi/plugin-users-permissions antes de la versión 4.24.2, es posible que un atacante no autenticado evite los mecanismos de autenticación y recupere the 3rd party tokens. ... Los atacantes no autenticados pueden aprovechar dos vulnerabilidades para obtener un token de terceros y evitar la autenticación de las aplicaciones Strapi. • https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc • CWE-294: Authentication Bypass by Capture-replay CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31217 – @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
https://notcve.org/view.php?id=CVE-2024-31217
Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. • https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7 https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm • CWE-248: Uncaught Exception •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-5313
https://notcve.org/view.php?id=CVE-2024-5313
Impacts are limited to port scanning and fingerprinting activities as well as attempts to perform a potential denial of service attack on the exposed SSH interface. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-03.pdf • CWE-668: Exposure of Resource to Wrong Sphere •