CVE-2024-43367 – Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
https://notcve.org/view.php?id=CVE-2024-43367
Boa's implementation of `AsyncGenerator` makes the assumption that the state of an `AsyncGenerator` object cannot change while resolving a promise created by methods of `AsyncGenerator` such as `%AsyncGeneratorPrototype%.next`, `%AsyncGeneratorPrototype%.return`, or `%AsyncGeneratorPrototype%.throw`. However, a carefully constructed code could trigger a state transition from a getter method for the promise's `then` property, which causes the engine to fail an assertion of this assumption, causing an uncaught exception. This could be used to create a Denial Of Service attack in applications that run arbitrary ECMAScript code provided by an external user. ... Users unable to upgrade to the patched version would want to use `std::panic::catch_unwind` to ensure any exceptions caused by the engine don't impact the availability of the main application. • https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r https://github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7 • CWE-248: Uncaught Exception •
CVE-2024-40705 – IBM InfoSphere Information Server denial of service
https://notcve.org/view.php?id=CVE-2024-40705
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. • https://www.ibm.com/support/pages/node/7160855 https://exchange.xforce.ibmcloud.com/vulnerabilities/298279 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVE-2024-6347 – Unauthorized access to ECU functionality
https://notcve.org/view.php?id=CVE-2024-6347
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. • https://asrg.io/security-advisories/CVE-2024-6347 • CWE-285: Improper Authorization CWE-306: Missing Authentication for Critical Function •
CVE-2024-42944
https://notcve.org/view.php?id=CVE-2024-42944
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromNatlimit.md • CWE-121: Stack-based Buffer Overflow •
CVE-2024-42984
https://notcve.org/view.php?id=CVE-2024-42984
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromP2pListFilter.md • CWE-121: Stack-based Buffer Overflow •