CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-7652 – mozilla: Type Confusion in Async Generators in Javascript Engine
https://notcve.org/view.php?id=CVE-2024-7652
06 Sep 2024 — An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially lead... • https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 • CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2024-8394 – thunderbird: Crash when aborting verification of OTR chat
https://notcve.org/view.php?id=CVE-2024-8394
06 Sep 2024 — When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. Multiple vulnerabilities have been discovered in Spidermonkey,... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895737 • CWE-416: Use After Free •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45157
https://notcve.org/view.php?id=CVE-2024-45157
05 Sep 2024 — An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. • https://mbed-tls.readthedocs.io/en/latest/security-advisories • CWE-696: Incorrect Behavior Order •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8418 – Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
https://notcve.org/view.php?id=CVE-2024-8418
04 Sep 2024 — A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns. A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit th... • https://access.redhat.com/security/cve/CVE-2024-8418 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45506
https://notcve.org/view.php?id=CVE-2024-45506
04 Sep 2024 — HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service. HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024. • http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45230 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://notcve.org/view.php?id=CVE-2024-45230
04 Sep 2024 — An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. A flaw was found in Python's Django urlize() and urlizetrunc() functions. Excessive input with a specific sequence of characters may lead to denial of service. It was discovered that Django incorrectly handled certain inputs. • https://docs.djangoproject.com/en/dev/releases/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8389 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-8389
03 Sep 2024 — Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130. Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 115.15.0:115 are affected. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1907230%2C1909367 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8388
https://notcve.org/view.php?id=CVE-2024-8388
03 Sep 2024 — Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This v... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1839074%2C1865413%2C1868970%2C1873367%2C1877820%2C1884642%2C1886469%2C1894326%2C1894891%2C1897648 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8387 – mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
https://notcve.org/view.php?id=CVE-2024-8387
03 Sep 2024 — Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could hav... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8386 – mozilla: SelectElements could be shown over another site if popups are allowed
https://notcve.org/view.php?id=CVE-2024-8386
03 Sep 2024 — If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. The Mozilla Foundation's Security Adviso... • https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 • CWE-290: Authentication Bypass by Spoofing CWE-358: Improperly Implemented Security Check for Standard •