CVE-2024-20129
https://notcve.org/view.php?id=CVE-2024-20129
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.
• https://corp.mediatek.com/product-security-bulletin/December-2024
• CWE-125: Out-of-bounds Read
CVE-2024-39343
https://notcve.org/view.php?id=CVE-2024-39343
The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service.
• https://semiconductor.samsung.com/support/quality-support/product-security-updates
• CWE-1284: Improper Validation of Specified Quantity in Input
CVE-2024-45520
https://notcve.org/view.php?id=CVE-2024-45520
WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote Denial of Service because of memory corruption during scanning of a PE32 file.
• https://withsecure.com
• https://www.withsecure.com/en/support/security-advisories/cve-2024-45520
• CWE-125: Out-of-bounds Read
CVE-2024-53861 – Issuer field partial matches allowed in pyjwt
https://notcve.org/view.php?id=CVE-2024-53861
This results in `if "abc" not in "__abcd__":` being checked instead of `if "abc" !... Signature checks are still present so real world impact is likely limited to denial of service scenarios.
• https://github.com/jpadilla/pyjwt/commit/1570e708672aa9036bc772476beae8bfa48f4131#diff-6893ad4a1c5a36b8af3028db8c8bc3b62418149843fc382faf901eaab008e380R366
• https://github.com/jpadilla/pyjwt/commit/33022c25525c1020869c71ce2a4109e44ae4ced1
• https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm
• CWE-697: Incorrect Comparison
CVE-2024-52810 – Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4
https://notcve.org/view.php?id=CVE-2024-52810
The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with an Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application.
• https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d
• https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')