CVSS: 8.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5688 – Mozilla: Use-after-free in JavaScript object transplant
https://notcve.org/view.php?id=CVE-2024-5688
11 Jun 2024 — If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Si se activó una recolección de basura en el momento adecuado, podría haberse producido un use-after-free durante el trasplante de objetos. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895086 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5702 – Mozilla: Use-after-free in networking
https://notcve.org/view.php?id=CVE-2024-5702
11 Jun 2024 — Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. La corrupción de la memoria en la pila de red podría haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1193389 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-37535
https://notcve.org/view.php?id=CVE-2024-37535
09 Jun 2024 — GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. GNOME VTE anterior a 0.76.3 permite a un atacante provocar una denegación de servicio (consumo de memoria) mediante una secuencia de escape de cambio de tamaño de ventana, un problema relacionado con CVE-2000-0476. • http://www.openwall.com/lists/oss-security/2024/06/09/1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-36472 – gnome-shell: code execution in portal helper
https://notcve.org/view.php?id=CVE-2024-36472
28 May 2024 — In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. En GNOME Shell hasta la versión 45.7, se puede iniciar automáticamente un asistente de portal (sin confirmación del usuario) en función de las resp... • https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page CWE-346: Origin Validation Error •
CVSS: 4.7EPSS: 0%CPEs: 37EXPL: 0CVE-2024-2201 – CVE-2024-2201
https://notcve.org/view.php?id=CVE-2024-2201
17 May 2024 — A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in ... • http://www.openwall.com/lists/oss-security/2024/04/09/15 • CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2024-4453 – GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4453
17 May 2024 — GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before... • https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-47169
https://notcve.org/view.php?id=CVE-2023-47169
16 May 2024 — Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. Las restricciones incorrectas del búfer en todas las versiones del software Intel(R) Media SDK pueden permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.9EPSS: 0%CPEs: 16EXPL: 0CVE-2023-47282
https://notcve.org/view.php?id=CVE-2023-47282
16 May 2024 — Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. La escritura fuera de los límites en Intel(R) Media SDK en todas las versiones y en algunos software Intel(R) oneVPL anteriores a la versión 23.3.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-787: Out-of-bounds Write •
CVSS: 3.9EPSS: 0%CPEs: 16EXPL: 0CVE-2023-22656
https://notcve.org/view.php?id=CVE-2023-22656
16 May 2024 — Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. La lectura fuera de los límites en Intel(R) Media SDK y algún software Intel(R) oneVPL anterior a la versión 23.3.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 15EXPL: 0CVE-2023-48368
https://notcve.org/view.php?id=CVE-2023-48368
16 May 2024 — Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. La validación de entrada incorrecta en todas las versiones del software Intel(R) Media SDK puede permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •