CVE-2024-3099 – Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-3099
This flaw can lead to a denial of service (DoS): an authenticated user may be unable to use the intended model, because a different model is opened each time. ... • https://github.com/efekaanakkar/CVE-2024-30998 https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a • CWE-475: Undefined Behavior for Input to API •
CVE-2024-2914 – TarSlip Vulnerability in deepjavalibrary/djl
https://notcve.org/view.php?id=CVE-2024-2914
Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. • https://github.com/deepjavalibrary/djl/commit/5235be508cec9e8cb6f496a4ed2fa40e4f62c370 https://huntr.com/bounties/b064bd2f-bf6e-4fc0-898e-7d02a9b97e24 • CWE-29: Path Traversal: '\..\filename' •
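TarSlip is path traversal during archive extraction: an entry name such as ../../x, or in the CWE-29 form ..\..\x, is joined onto the extraction directory and written outside it. The following is an added example, not code from djl or from the advisory, showing a Python extractor that validates every entry before extracting anything. The archive contents, the TarSlipError class and all function names are constructed for illustration. One detail worth noting: on POSIX a backslash is an ordinary filename character, so a realpath() containment check alone accepts ..\..\evil.bat, while an extractor that treats the backslash as a separator would traverse; normalising both separators before the lexical check closes that gap.

```python
import io
import os
import tarfile
import tempfile


class TarSlipError(ValueError):
    """Raised when an archive entry would land outside the extraction directory."""


# Constructed sample entries: one legitimate file and two traversal attempts
# (POSIX-style and the CWE-29 backslash style).
SAMPLE_ENTRIES = [
    ("model/weights.bin", b"\x00\x01\x02"),
    ("../../evil.sh", b"#!/bin/sh\necho pwned\n"),
    ("..\\..\\evil.bat", b"@echo pwned\r\n"),
]


def build_sample_tar() -> bytes:
    """Build an in-memory tar archive containing SAMPLE_ENTRIES."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in SAMPLE_ENTRIES:
            info = tarfile.TarInfo(name)  # tarfile does not sanitise names on write
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def is_safe_member(name: str) -> bool:
    """Lexical check on an entry name, treating both '\\' and '/' as separators."""
    norm = name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return False  # absolute POSIX path or Windows drive letter
    depth = 0
    for part in norm.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return False  # climbs above the extraction root
        else:
            depth += 1
    return True


def extract_checked(data: bytes, dest: str) -> list[str]:
    """Validate every member first, then extract.

    The whole archive is rejected on the first bad entry, so nothing
    partial lands on disk.
    """
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        members = tar.getmembers()
        for m in members:
            if m.issym() or m.islnk():
                raise TarSlipError(f"link entry rejected: {m.name!r}")
            if not is_safe_member(m.name):
                raise TarSlipError(f"traversal entry rejected: {m.name!r}")
            target = os.path.realpath(os.path.join(dest_real, m.name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise TarSlipError(f"entry resolves outside dest: {m.name!r}")
        # Python >= 3.12 ships a 'data' extraction filter that enforces
        # similar rules; use it as a second layer where available.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest_real, **kwargs)
        return [m.name for m in members]


def demo() -> tuple:
    """Try to extract the constructed archive into a temporary directory.

    Returns (error message or None, files present in the directory afterwards).
    """
    with tempfile.TemporaryDirectory() as dest:
        try:
            extract_checked(build_sample_tar(), dest)
            error = None
        except TarSlipError as exc:
            error = str(exc)
        on_disk = sorted(os.listdir(dest))
    return error, on_disk


if __name__ == "__main__":
    print(demo())
```

Because validation runs over all members before extractall() is called, the constructed archive is refused at its second entry and the legitimate model/weights.bin never reaches disk either; an extractor that checks and writes entry by entry would leave a half-extracted tree behind.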
CVE-2024-3104 – Remote Code Execution in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3104
Successful exploitation could lead to code execution on the host, enabling attackers to read and modify data accessible to the user running the service, potentially leading to a denial of service. • https://github.com/mintplex-labs/anything-llm/commit/bfedfebfab032e6f4d5a369c8a2f947c5d0c5286 https://huntr.com/bounties/4f2fcb45-5828-4bec-985a-9d3a0ee00462 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
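The advisory classifies this as CWE-78. The following is an added illustration of that weakness class in Python, not code from anything-llm and not a reproduction of the reported bug: the same command is built with untrusted input interpolated into a shell string, then passed as a separate argv element, then additionally allow-listed. The payload, the echo command and the SAFE_NAME pattern are constructed for the example.

```python
import re
import subprocess

# Constructed attacker-supplied value: a shell metacharacter followed by a
# second command. 'echo INJECTED' stands in for anything the attacker wants run.
PAYLOAD = "model.bin; echo INJECTED"

# Allow-list for a filename-like parameter: no separators, no metacharacters.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def run_vulnerable(filename: str) -> str:
    """CWE-78: the value is interpolated into a string that a shell parses,
    so ';' terminates the intended command and starts the attacker's."""
    cmd = f"echo processing {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(filename: str) -> str:
    """No shell: the value is one argv element, so metacharacters are literal.
    This stops injection but does not validate the input."""
    return subprocess.run(
        ["echo", "processing", filename], capture_output=True, text=True
    ).stdout


def is_allowed(filename: str) -> bool:
    """Allow-list check applied before any process is spawned."""
    return SAFE_NAME.fullmatch(filename) is not None


def run_hardened(filename: str) -> str:
    """argv form plus the allow-list: a bad value is rejected up front."""
    if not is_allowed(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return run_argv(filename)


if __name__ == "__main__":
    print(repr(run_vulnerable(PAYLOAD)))
    print(repr(run_argv(PAYLOAD)))
    print(repr(run_hardened("model.bin")))
```

The argv form alone is the fix for the injection; the allow-list is there because a value that is harmless to the shell can still be harmful to the program it reaches (a path with ../ components, or a flag-looking string such as --output=...).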
CVE-2024-36742
https://notcve.org/view.php?id=CVE-2024-36742
Oneflow v0.9.1 allows attackers to cause a denial of service (DoS) when the index parameter exceeds the range of the shape. • https://gist.github.com/Redmept1on/761f0d0d09a912b8b93e0cf8dd877e94 • CWE-20: Improper Input Validation •
CVE-2024-5658 – CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
https://notcve.org/view.php?id=CVE-2024-5658
The CraftCMS Two-Factor Authentication plugin up to 3.3.3 allows a TOTP token to be reused multiple times within its validity period. • http://www.openwall.com/lists/oss-security/2024/06/06/2 https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use https://plugins.craftcms.com/two-factor-authentication?craft4 • CWE-287: Improper Authentication •
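A TOTP code is valid for its whole 30-second step (plus any clock-skew window the verifier allows), so a verifier that only checks "is this code correct right now" accepts the same code again if it is captured and replayed inside that window. The standard fix is to remember, per user, the highest step counter already consumed and refuse that step and any earlier one. The following is an added example in Python, not the plugin's code: an RFC 6238 HMAC-SHA1 generator, a naive verifier with the replay weakness, and a replay-safe verifier. The secret is the RFC 6238 test-vector key so the first code can be checked against the RFC's table; the user names, class names and in-memory state are constructed for the example.

```python
import hashlib
import hmac
import struct

STEP = 30    # RFC 6238 time step in seconds
DIGITS = 6

# Constructed demo secret: the RFC 6238 test-vector key. At T=59 (counter 1)
# the RFC lists 94287082 for 8 digits, i.e. 287082 for 6 digits.
SECRET = b"12345678901234567890"


def totp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a given time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def _candidates(now: int, window: int) -> range:
    """Step counters accepted at time 'now' with +/- 'window' steps of skew."""
    counter = now // STEP
    return range(counter - window, counter + window + 1)


class NaiveVerifier:
    """Accepts any code valid within the window. A code that was just used is
    accepted again until its step expires: the weakness described above."""

    def verify(self, secret: bytes, code: str, now: int, window: int = 1) -> bool:
        return any(hmac.compare_digest(totp(secret, c), code)
                   for c in _candidates(now, window))


class ReplaySafeVerifier:
    """Records the highest step counter each user has consumed and refuses
    that step and any earlier one, so a captured code cannot be replayed
    even inside the validity window."""

    def __init__(self) -> None:
        # In-memory for the example; a deployment stores this per user with
        # an atomic compare-and-set so two concurrent requests cannot both win.
        self._last_used: dict[str, int] = {}

    def verify(self, user: str, secret: bytes, code: str, now: int,
               window: int = 1) -> bool:
        last = self._last_used.get(user, -1)
        for c in _candidates(now, window):
            if c <= last:
                continue  # already consumed, or older than a consumed step
            if hmac.compare_digest(totp(secret, c), code):
                self._last_used[user] = c
                return True
        return False


if __name__ == "__main__":
    code = totp(SECRET, 1)
    naive, safe = NaiveVerifier(), ReplaySafeVerifier()
    print(code, naive.verify(SECRET, code, 59), naive.verify(SECRET, code, 59))
    print(safe.verify("alice", SECRET, code, 59), safe.verify("alice", SECRET, code, 59))
```

Rejecting counters at or below the last consumed one, rather than only the exact counter just used, matters because the skew window also covers the previous step: otherwise an attacker holding the previous step's code could still present it after the current one has been consumed.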