CVE-2024-5520 – Cross-Site Scripting stored in Alkacon OpenCMS
https://notcve.org/view.php?id=CVE-2024-5520
Two stored Cross-Site Scripting vulnerabilities have been discovered in Alkacon OpenCMS affecting version 16. They could allow a user with sufficient privileges to create and modify web pages through the administration panel to execute malicious JavaScript code by inserting it into the "title" field.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-36114 – Decompressors can crash the JVM and leak memory content in Aircompressor
https://notcve.org/view.php?id=CVE-2024-36114
When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process.
References: https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071 https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4
CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write
CVE-2024-35221 – Denial of service when publishing a package on rubygems.org
https://notcve.org/view.php?id=CVE-2024-35221
Rubygems.org is the Ruby community's gem hosting service. A gem publisher can cause a remote DoS when publishing a gem. ... YAML aliases allow for denial-of-service attacks with so-called `YAML bombs` (comparable to billion laughs attacks). ...
References: https://en.wikipedia.org/wiki/Billion_laughs_attack https://github.com/ruby/ruby/blob/7cf74a2ff28b1b4c26e367d0d67521f7e1fed239/lib/rubygems/safe_yaml.rb#L28 https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4vc5-whwr-7hh2
CWE-400: Uncontrolled Resource Consumption
CVE-2024-35492
https://notcve.org/view.php?id=CVE-2024-35492
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet. ...
References: https://github.com/zzh-newlearner/MQTT_Crash/blob/main/Mongoose_null_pointer.md
CWE-476: NULL Pointer Dereference
CVE-2024-35434
https://notcve.org/view.php?id=CVE-2024-35434
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet. ...
References: https://github.com/inputzero/Security-Advisories/blob/main/CVE-XXXX-XXXX.md
CWE-122: Heap-based Buffer Overflow