CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47401 – DoS via Amplified GraphQL Response in Playbooks
https://notcve.org/view.php?id=CVE-2024-47401
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks. Las versiones 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 y 9.5.x <= 9.5.9 de Mattermost no evitan que se muestren mensajes de error detallados en Playbooks, lo que permite a un atacante generar una respuesta grande y causar una respuesta GraphQL amplificada que, a su vez, podría provocar que la aplicación se bloquee al enviar una solicitud especialmente manipulada a Playbooks. • https://mattermost.com/security-updates • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-48572
https://notcve.org/view.php?id=CVE-2024-48572
A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. Una vulnerabilidad de enumeración de usuarios en AquilaCMS 1.409.20 y versiones anteriores permite a atacantes no autenticados obtener direcciones de correo electrónico a través de la función "Agregar un usuario". La vulnerabilidad se produce debido a que la entrada de usuario no validada de forma suficiente se procesa como una expresión regular, que luego se compara con las direcciones de correo electrónico para encontrar entradas duplicadas. • https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48572 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48573
https://notcve.org/view.php?id=CVE-2024-48573
A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. Una vulnerabilidad de inyección NoSQL en AquilaCMS 1.409.20 y versiones anteriores permite a atacantes no autenticados restablecer las contraseñas de cuentas de usuario y administrador a través de la función "Restablecer contraseña". • https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48573 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-44197
https://notcve.org/view.php?id=CVE-2024-44197
A malicious app may be able to cause a denial-of-service. • https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121570 •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-44297
https://notcve.org/view.php?id=CVE-2024-44297
Processing a maliciously crafted message may lead to a denial-of-service. • https://support.apple.com/en-us/121563 https://support.apple.com/en-us/121565 https://support.apple.com/en-us/121566 https://support.apple.com/en-us/121567 https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121569 https://support.apple.com/en-us/121570 •