CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-jqff-8g2v-642h • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 0

NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, this CVE leads to unauthenticated, fully remote code execution. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-qv6x-53jj-vw59 https://github.com/advisories/GHSA-jqff-8g2v-642h • CWE-311: Missing Encryption of Sensitive Data

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-jf28-v5f6-cvpr • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 0

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` functions. • https://gist.github.com/tariqhawis/5db76b38112bba756615b688c32409ad • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js. • https://gist.github.com/tariqhawis/986fb1c9da6be526fb2656ba8d194b7f • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')