CVE-2024-8309 – SQL Injection in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-8309
29 Oct 2024 — This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. • https://github.com/liadlevy/CVE-2024-8309 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7042 – Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection
https://notcve.org/view.php?id=CVE-2024-7042
29 Oct 2024 — This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. • https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-5823 – File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-5823
29 Oct 2024 — Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation. • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b • CWE-73: External Control of File Name or Path •
CVE-2024-7807 – Denial of Service (DOS) in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-7807
29 Oct 2024 — A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibi... • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-10464 – firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser
https://notcve.org/view.php?id=CVE-2024-10464
29 Oct 2024 — Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. ... The Mozilla Foundation's Security Advisory: Repeated writes to history interface attributes could be used to cause a Denial of Service condition in the browser. • https://bugzilla.mozilla.org/show_bug.cgi?id=1913000 • CWE-125: Out-of-bounds Read • CWE-799: Improper Control of Interaction Frequency •
CVE-2024-47401 – DoS via Amplified GraphQL Response in Playbooks
https://notcve.org/view.php?id=CVE-2024-47401
29 Oct 2024 — Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks. • https://mattermost.com/security-updates • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-48572
https://notcve.org/view.php?id=CVE-2024-48572
29 Oct 2024 — A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. • https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48572 • CWE-276: Incorrect Default Permissions •
CVE-2024-48573
https://notcve.org/view.php?id=CVE-2024-48573
29 Oct 2024 — A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. • https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48573 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-44197
https://notcve.org/view.php?id=CVE-2024-44197
28 Oct 2024 — A malicious app may be able to cause a denial-of-service. • https://support.apple.com/en-us/121568 •
CVE-2024-44297
https://notcve.org/view.php?id=CVE-2024-44297
28 Oct 2024 — Processing a maliciously crafted message may lead to a denial-of-service. • https://support.apple.com/en-us/121563 •