CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7348 – PostgreSQL relation replacement during pg_dump executes arbitrary SQL
https://notcve.org/view.php?id=CVE-2024-7348
08 Aug 2024 — Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. A vulnerability was foun... • https://www.postgresql.org/support/security/CVE-2024-7348 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41989 – python-django: Memory exhaustion in django.utils.numberformat.floatformat()
https://notcve.org/view.php?id=CVE-2024-41989
07 Aug 2024 — An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. A security issue was found in Django. If 'floatformat' received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. To avoid this, decimals with more than 200 digits are now returned as is.... • https://docs.djangoproject.com/en/dev/releases/security • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-41991 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
https://notcve.org/view.php?id=CVE-2024-41991
07 Aug 2024 — An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. A flaw was found in Django. 'urlize', 'urlizetrunc', and 'AdminURLFieldWidget' may be subject to a denial of service attack via certain inputs with a very large number of Unicode characters. It was discovered that Django incorrectly handl... • https://docs.djangoproject.com/en/dev/releases/security • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42005 – python-django: Potential SQL injection in QuerySet.values() and values_list()
https://notcve.org/view.php?id=CVE-2024-42005
07 Aug 2024 — An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. A flaw was found in Django. The QuerySet.values() and QuerySet.values_list() methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. It was discovered that Django incorrectly handled certain string... • https://docs.djangoproject.com/en/dev/releases/security • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-5290 – Ubuntu Security Notice USN-6945-1
https://notcve.org/view.php?id=CVE-2024-5290
07 Aug 2024 — An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. Rory McNamara discovered that wpa_supplicant could be made... • https://github.com/zrax-x/CVE-2024-5290-exp • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41990 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://notcve.org/view.php?id=CVE-2024-41990
07 Aug 2024 — An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. A flaw was found in Django. Processing very large inputs with a specific sequence of characters with the urlize and urlizetrunc functions can cause a denial of service. It was discovered that Django incorrectly handled certain strings in floatformat function. • https://docs.djangoproject.com/en/dev/releases/security • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-7530 – Gentoo Linux Security Advisory 202412-04
https://notcve.org/view.php?id=CVE-2024-7530
06 Aug 2024 — Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations when processing graphics shared memory. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904011 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-7531 – mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines
https://notcve.org/view.php?id=CVE-2024-7531
06 Aug 2024 — Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change... • https://bugzilla.mozilla.org/show_bug.cgi?id=1905691 • CWE-319: Cleartext Transmission of Sensitive Information CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7529 – mozilla: Document content could partially obscure security prompts
https://notcve.org/view.php?id=CVE-2024-7529
06 Aug 2024 — The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903187 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7528 – mozilla: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2024-7528
06 Aug 2024 — Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895951 • CWE-416: Use After Free •