CVE-2024-55655 – sigstore-python has insufficient validation of integration timestamp during verification
https://notcve.org/view.php?id=CVE-2024-55655
In particular, an attacker who modifies the integration timestamp can induce a Denial of Service, but in no different manner than already possible with bundle access (e.g. modifying the signature itself such that it fails to verify). Separately, an attacker could upload a *new* entry to the transparency service, and substitute their new entry's time. • https://github.com/sigstore/sigstore-python/commit/300b502ae99ebfaace124f1f4e422a6a669369cf https://github.com/sigstore/sigstore-python/releases/tag/v3.6.0 https://github.com/sigstore/sigstore-python/security/advisories/GHSA-hhfg-fwrw-87w7 • CWE-20: Improper Input Validation CWE-325: Missing Cryptographic Step •
CVE-2024-55653 – pwndoc's UnhandledPromiseRejection on audits causes Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2024-55653
PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising an `UnhandledPromiseRejection` on audits, which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend unresponsive, the whole application becomes unusable for all of its users. As of time of publication, no known patches are available. • https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc • CWE-20: Improper Input Validation •
CVE-2024-52833 – Substance3D - Modeler | NULL Pointer Dereference (CWE-476)
https://notcve.org/view.php?id=CVE-2024-52833
Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. • https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html • CWE-476: NULL Pointer Dereference •
CVE-2024-53006 – Substance3D - Modeler | NULL Pointer Dereference (CWE-476)
https://notcve.org/view.php?id=CVE-2024-53006
Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. • https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html • CWE-476: NULL Pointer Dereference •
CVE-2024-53952 – InDesign Desktop | NULL Pointer Dereference (CWE-476)
https://notcve.org/view.php?id=CVE-2024-53952
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. • https://helpx.adobe.com/security/products/indesign/apsb24-97.html • CWE-476: NULL Pointer Dereference •