CVSS: 6.1EPSS: 1%CPEs: 36EXPL: 0CVE-2024-5690 – Mozilla: External protocol handlers leaked by timing attack
https://notcve.org/view.php?id=CVE-2024-5690
11 Jun 2024 — By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al monitorear el tiempo que toman ciertas operaciones, un atacante podría haber adivinado qué controladores de protocolos externos eran funcionales en el sistema de un usuario. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation S... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883693 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 8.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5688 – Mozilla: Use-after-free in JavaScript object transplant
https://notcve.org/view.php?id=CVE-2024-5688
11 Jun 2024 — If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Si se activó una recolección de basura en el momento adecuado, podría haberse producido un use-after-free durante el trasplante de objetos. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895086 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 1%CPEs: 35EXPL: 0CVE-2024-5702 – Mozilla: Use-after-free in networking
https://notcve.org/view.php?id=CVE-2024-5702
11 Jun 2024 — Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. La corrupción de la memoria en la pila de red podría haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1193389 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 1%CPEs: 25EXPL: 0CVE-2024-5564 – Libndp: buffer overflow in route information length field
https://notcve.org/view.php?id=CVE-2024-5564
31 May 2024 — A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. Se encontró una vulnerabilidad en libndp. Esta falla permite que un usuario malintencionado local provoque un desbordamiento del búfer en NetworkManager, provocado al enviar un paquete de publicidad de enrutador IPv6 con formato inco... • https://access.redhat.com/errata/RHSA-2024:4618 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.0EPSS: 0%CPEs: 28EXPL: 0CVE-2024-1298 – Integer Overflow caused by divide by zero during S3 suspension
https://notcve.org/view.php?id=CVE-2024-1298
30 May 2024 — EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. EDK2 contiene una vulnerabilidad cuando se activa la suspensión de S3 donde un atacante puede causar una división por cero debido a un desbordamiento de UNIT32 a través del acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de disponibilidad. A divi... • https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-36472 – gnome-shell: code execution in portal helper
https://notcve.org/view.php?id=CVE-2024-36472
28 May 2024 — In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. En GNOME Shell hasta la versión 45.7, se puede iniciar automáticamente un asistente de portal (sin confirmación del usuario) en función de las resp... • https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-3657 – 389-ds-base: potential denial of service via specially crafted kerberos as-req request
https://notcve.org/view.php?id=CVE-2024-3657
28 May 2024 — A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Se encontró una falla en 389-ds-base. Una consulta LDAP especialmente manipulada puede causar potencialmente una falla en el servidor de directorio, lo que lleva a una denegación de servicio. An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.7 for RHEL 8. Issues addressed include a denial of service vulnerability. • https://access.redhat.com/errata/RHSA-2024:3591 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-2199 – 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
https://notcve.org/view.php?id=CVE-2024-2199
28 May 2024 — A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. Se encontró una vulnerabilidad de denegación de servicio en el servidor ldap 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una falla del servidor al modificar "userPassword" utilizando una entrada con formato incorrecto. An update for the redhat-ds:11 module is now available for Red Hat... • https://access.redhat.com/errata/RHSA-2024:3591 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4777 – Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
https://notcve.org/view.php?id=CVE-2024-4777
14 May 2024 — Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Errores de seguridad de la memoria presentes en Firefox 125, Firefox ESR 115.10 y Thunderbird 115.10. Algunos de estos errores mostraron evidencia de corrupción de memoria y sup... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4770 – Mozilla: Use-after-free could occur when printing to PDF
https://notcve.org/view.php?id=CVE-2024-4770
14 May 2024 — When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Al guardar una página en PDF, ciertos estilos de fuente podrían haber provocado un posible bloqueo del use-after-free. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1893270 • CWE-416: Use After Free •