
CVE-2024-21823 – kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
https://notcve.org/view.php?id=CVE-2024-21823
16 May 2024 — Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. Hardware lo... • http://www.openwall.com/lists/oss-security/2024/05/15/1 • CWE-400: Uncontrolled Resource Consumption CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels •

CVE-2024-33871 – ghostscript: OPVP device arbitrary code execution via custom Driver library
https://notcve.org/view.php?id=CVE-2024-33871
16 May 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. • https://bugs.ghostscript.com/show_bug.cgi?id=707754 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-4777 – Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
https://notcve.org/view.php?id=CVE-2024-4777
14 May 2024 — Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •

CVE-2024-4770 – Mozilla: Use-after-free could occur when printing to PDF
https://notcve.org/view.php?id=CVE-2024-4770
14 May 2024 — When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1893270 • CWE-416: Use After Free •

CVE-2024-4769 – Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
https://notcve.org/view.php?id=CVE-2024-4769
14 May 2024 — When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886108 • CWE-351: Insufficient Type Distinction CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVE-2024-4768 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2024-4768
14 May 2024 — A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886082 • CWE-281: Improper Preservation of Permissions CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2024-4767 – Mozilla: IndexedDB files retained in private browsing mode
https://notcve.org/view.php?id=CVE-2024-4767
14 May 2024 — If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVE-2024-21094 – OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)
https://notcve.org/view.php?id=CVE-2024-21094
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data CWE-787: Out-of-bounds Write •

CVE-2024-21085 – OpenJDK: Pack200 excessive memory allocation (8322114)
https://notcve.org/view.php?id=CVE-2024-21085
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized abilit... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-789: Memory Allocation with Excessive Size Value •

CVE-2024-21068 – OpenJDK: integer overflow in C1 compiler address generation (8322122)
https://notcve.org/view.php?id=CVE-2024-21068
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-787: Out-of-bounds Write •