CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4767 – Mozilla: IndexedDB files retained in private browsing mode
https://notcve.org/view.php?id=CVE-2024-4767
14 May 2024 — If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Si la preferencia `browser.privatebrowsing.autostart` está habilitada, los archivos IndexedDB no se eliminaron correctamente cuando se cerró la ventana. Esta preferencia está deshabilitada de forma predeterminada en Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-34459
https://notcve.org/view.php?id=CVE-2024-34459
13 May 2024 — An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Se descubrió un problema en xmllint (de libxml2) anterior a 2.11.8 y 2.12.x anterior a 2.12.7. Formatear mensajes de error con xmllint --htmlout puede provocar una lectura excesiva del búfer en xmlHTMLPrintFileContext en xmllint.c. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.9EPSS: 0%CPEs: 25EXPL: 0CVE-2024-4317 – PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
https://notcve.org/view.php?id=CVE-2024-4317
09 May 2024 — Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that versi... • https://www.postgresql.org/support/security/CVE-2024-4317 • CWE-862: Missing Authorization •
CVSS: 5.2EPSS: 0%CPEs: 19EXPL: 0CVE-2024-34397 – glib2: Signal subscription vulnerabilities
https://notcve.org/view.php?id=CVE-2024-34397
07 May 2024 — An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Se descubrió un problema en GNO... • https://gitlab.gnome.org/GNOME/glib/-/issues/3268 • CWE-290: Authentication Bypass by Spoofing CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-33899
https://notcve.org/view.php?id=CVE-2024-33899
28 Apr 2024 — RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. RARLAB WinRAR anterior a 7.00, en plataformas Linux y UNIX, permite a los atacantes falsificar la salida de la pantalla o provocar una denegación de servicio mediante secuencias de escape ANSI. • https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-52722
https://notcve.org/view.php?id=CVE-2023-52722
27 Apr 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. Se descubrió un problema en Artifex Ghostscript hasta la versión 10.01.0. psi/zmisc1.c, cuando se utiliza el modo MÁS SEGURO, permite semillas eexec distintas al estándar Tipo 1. • http://www.openwall.com/lists/oss-security/2024/06/28/2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31744
https://notcve.org/view.php?id=CVE-2024-31744
19 Apr 2024 — In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. En Jasper 4.2.2, la función jpc_streamlist_remove en src/libjasper/jpc/jpc_dec.c:2407 tiene una vulnerabilidad de falla de aserción, lo que permite a los atacantes provocar un ataque de denegación de servicio a través de un archivo de imagen específico. • https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5 • CWE-617: Reachable Assertion •
CVSS: 3.7EPSS: 0%CPEs: 39EXPL: 0CVE-2024-21094 – OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)
https://notcve.org/view.php?id=CVE-2024-21094
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21085 – OpenJDK: Pack200 excessive memory allocation (8322114)
https://notcve.org/view.php?id=CVE-2024-21085
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized abilit... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21068 – OpenJDK: integer overflow in C1 compiler address generation (8322122)
https://notcve.org/view.php?id=CVE-2024-21068
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-787: Out-of-bounds Write •