CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6601 – Mozilla: Race condition in permission assignment
https://notcve.org/view.php?id=CVE-2024-6601
09 Jul 2024 — A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. The Mozilla Foundation Security Advisory describes this flaw as: A race condition could lead to a cross-origin container obtaining... • https://bugzilla.mozilla.org/show_bug.cgi?id=1890748 • CWE-281: Improper Preservation of Permissions CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-6600
https://notcve.org/view.php?id=CVE-2024-6600
09 Jul 2024 — Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 1... • https://bugzilla.mozilla.org/show_bug.cgi?id=1888340 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 0%CPEs: 36EXPL: 1CVE-2024-3596 – RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
https://notcve.org/view.php?id=CVE-2024-3596
09 Jul 2024 — RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. El protocolo RADIUS según RFC 2865 es susceptible a ataques de falsificación por parte de un atacante local que puede modificar cualquier respuesta válida (acceso-aceptación, acceso-rechazo o acceso-desafío) a cualquier otra respuesta... • https://github.com/alperenugurlu/CVE-2024-3596-Detector • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-52168
https://notcve.org/view.php?id=CVE-2023-52168
03 Jul 2024 — The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc. El controlador NTFS NtfsHandler.cpp en 7-Zip anterior a 24.01 (para 7zz) contiene un desbordamiento de búfer basado en montón que permite a un atacante sobrescribir dos bytes en múltiples desplazamientos más allá del tamaño de búfer asignado: búfer+512*i-2, para i =... • http://www.openwall.com/lists/oss-security/2024/07/03/10 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-52169
https://notcve.org/view.php?id=CVE-2023-52169
03 Jul 2024 — The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. El controlador NTFS NtfsHandler.cpp en 7-Zip anterior a 24.01 (para 7zz) contiene un... • http://www.openwall.com/lists/oss-security/2024/07/03/10 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-4467 – Qemu-kvm: 'qemu-img info' leads to host file read/write
https://notcve.org/view.php?id=CVE-2024-4467
02 Jul 2024 — A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Se encontró una falla en el comando 'info' de la utilidad de imagen de disco QEMU (qemu-img). Un archivo de imagen especialmente manipulado que contenga un valor `json:{}` que des... • http://www.openwall.com/lists/oss-security/2024/07/23/2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-37370 – krb5: GSS message token handling
https://notcve.org/view.php?id=CVE-2024-37370
28 Jun 2024 — In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede modificar el campo Extra Count de texto plano de un token de envoltura GSS krb5 confidencial, lo que hace que el token desenvuelto aparezca truncado para la aplicación. A vulnerability was found in the MIT Kerberos 5 GSS k... • https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef •
CVSS: 9.4EPSS: 0%CPEs: 31EXPL: 0CVE-2024-37371 – krb5: GSS message token handling
https://notcve.org/view.php?id=CVE-2024-37371
28 Jun 2024 — In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede provocar lecturas de memoria no válidas durante el manejo de tokens de mensajes GSS al enviar tokens de mensajes con campos de longitud no válidos. A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the pla... • https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2024-5642 – Buffer overread when using an empty list with SSLContext.set_npn_protocols()
https://notcve.org/view.php?id=CVE-2024-5642
27 Jun 2024 — CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured). CPython 3.9 y versiones anteriores no permiten la configuración de una lista ... • http://www.openwall.com/lists/oss-security/2024/06/28/4 •
CVSS: 7.7EPSS: 0%CPEs: 16EXPL: 0CVE-2024-22232 – Specially crafted url can be created which leads to a directory traversal in the salt file server
https://notcve.org/view.php?id=CVE-2024-22232
27 Jun 2024 — A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem. Se puede crear una URL especialmente manipulada que conduzca a directory traversal en el servidor de archivos salt. Un usuario malintencionado puede leer un archivo arbitrario del sistema de archivos de un maestro Salt. A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious u... • https://saltproject.io/security-announcements/2024-01-31-advisory • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •