CVSS: 4.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-7042 – Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection
https://notcve.org/view.php?id=CVE-2024-7042
This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. • https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6 https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-5823 – File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-5823
Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation. • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae • CWE-73: External Control of File Name or Path •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-7807 – Denial of Service (DOS) in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-7807
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175 https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-10464 – firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser
https://notcve.org/view.php?id=CVE-2024-10464
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. ... The Mozilla Foundation's Security Advisory: Repeated writes to history interface attributes could be used to cause a Denial of Service condition in the browser. • https://bugzilla.mozilla.org/show_bug.cgi?id=1913000 https://www.mozilla.org/security/advisories/mfsa2024-55 https://www.mozilla.org/security/advisories/mfsa2024-56 https://www.mozilla.org/security/advisories/mfsa2024-58 https://www.mozilla.org/security/advisories/mfsa2024-59 https://access.redhat.com/security/cve/CVE-2024-10464 https://bugzilla.redhat.com/show_bug.cgi?id=2322424 • CWE-125: Out-of-bounds Read CWE-799: Improper Control of Interaction Frequency •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47401 – DoS via Amplified GraphQL Response in Playbooks
https://notcve.org/view.php?id=CVE-2024-47401
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks. Las versiones 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 y 9.5.x <= 9.5.9 de Mattermost no evitan que se muestren mensajes de error detallados en Playbooks, lo que permite a un atacante generar una respuesta grande y causar una respuesta GraphQL amplificada que, a su vez, podría provocar que la aplicación se bloquee al enviar una solicitud especialmente manipulada a Playbooks. • https://mattermost.com/security-updates • CWE-770: Allocation of Resources Without Limits or Throttling •