CVSS: 10.0EPSS: 0%CPEs: 39EXPL: 0CVE-2024-6345 – Remote Code Execution in pypa/setuptools
https://notcve.org/view.php?id=CVE-2024-6345
15 Jul 2024 — A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. Una vulnerabilidad en el módulo package_in... • https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2024-39614 – python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()
https://notcve.org/view.php?id=CVE-2024-39614
10 Jul 2024 — An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. Se descubrió un problema en Django 5.0 anterior a 5.0.7 y 4.2 anterior a 4.2.14. get_supported_language_variant() estaba sujeto a un posible ataque de denegación de servicio cuando se usaba con cadenas muy largas que contenían caracteres específicos. A vulnerability was found in Python-D... • https://github.com/Abdurahmon3236/-CVE-2024-39614 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-39330 – python-django: Potential directory-traversal in django.core.files.storage.Storage.save()
https://notcve.org/view.php?id=CVE-2024-39330
10 Jul 2024 — An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) Se descubrió un problema en Django 5.0 anterior a 5.0.7 y 4.2 anterior a 4.2.14. Las clases derivadas de la clase base django.core.file... • https://docs.djangoproject.com/en/dev/releases/security • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39329 – python-django: Username enumeration through timing difference for users with unusable passwords
https://notcve.org/view.php?id=CVE-2024-39329
10 Jul 2024 — An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. Se descubrió un problema en Django 5.0 anterior a 5.0.7 y 4.2 anterior a 4.2.14. El método django.contrib.auth.backends.ModelBackend.authenticate() permite a atacantes remotos enumerar usuarios mediante un ataque de sincronización que involucra ... • https://docs.djangoproject.com/en/dev/releases/security • CWE-208: Observable Timing Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38875 – python-django: Potential denial-of-service in django.utils.html.urlize()
https://notcve.org/view.php?id=CVE-2024-38875
10 Jul 2024 — An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. Se descubrió un problema en Django 4.2 anterior a 4.2.14 y 5.0 anterior a 5.0.7. urlize y urlizetrunc estuvieron sujetos a un posible ataque de denegación de servicio a través de ciertas entradas con una gran cantidad de corchetes. A vulnerability was found in the Django framework's urlize and urlizetrun... • https://docs.djangoproject.com/en/dev/releases/security • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6615 – Gentoo Linux Security Advisory 202412-04
https://notcve.org/view.php?id=CVE-2024-6615
09 Jul 2024 — Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128. Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1892875%2C1894428%2C1898364 • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6614 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6614
09 Jul 2024 — The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128. The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902983 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.3EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6613 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6613
09 Jul 2024 — The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128. The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1900523 •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6612 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6612
09 Jul 2024 — CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128. Las infracciones de CSP generaron enlaces en la pestaña de la consola de las herramientas de desarrollador, que apuntaban al recurso infractor. Esto provocó una captación previa de DNS que filtró que se había producido una infracción de CSP. • https://bugzilla.mozilla.org/show_bug.cgi?id=1880374 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6611 – Gentoo Linux Security Advisory 202412-04
https://notcve.org/view.php?id=CVE-2024-6611
09 Jul 2024 — A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128. Un iframe anidado, que activa una navegación entre sitios, podría enviar cookies SameSite=Strict o Lax. Esta vulnerabilidad afecta a Firefox < 128. A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. • https://bugzilla.mozilla.org/show_bug.cgi?id=1844827 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •