CVE-2024-39011
https://notcve.org/view.php?id=CVE-2024-39011
30 Jul 2024 — Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. • https://gist.github.com/mestrtee/693ef1c8b0a5ff1ae19f253381711f3e • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-39012
https://notcve.org/view.php?id=CVE-2024-39012
30 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. ... • https://gist.github.com/mestrtee/acfbd724a4b73bfb5d030575b653453c • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-41437
https://notcve.org/view.php?id=CVE-2024-41437
30 Jul 2024 — A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. • https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11 •
CVE-2024-41438
https://notcve.org/view.php?id=CVE-2024-41438
30 Jul 2024 — A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-41439
https://notcve.org/view.php?id=CVE-2024-41439
30 Jul 2024 — A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5 • CWE-787: Out-of-bounds Write •
CVE-2024-41440
https://notcve.org/view.php?id=CVE-2024-41440
30 Jul 2024 — A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-41443
https://notcve.org/view.php?id=CVE-2024-41443
30 Jul 2024 — A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603 •
CVE-2024-40094 – graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java
https://notcve.org/view.php?id=CVE-2024-40094
30 Jul 2024 — GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions. ... This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. ... This issue could lead to resource exhaustion and service disruption under certain conditions. • https://github.com/graphql-java/graphql-java/releases/tag/v21.5 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-40782 – webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management
https://notcve.org/view.php?id=CVE-2024-40782
29 Jul 2024 — Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-416: Use After Free •
CVE-2024-27877 – Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27877
29 Jul 2024 — Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents. • https://support.apple.com/en-us/HT214120 •