CVSS: 7.1EPSS: %CPEs: 18EXPL: 0CVE-2024-25743 – hw: amd: Instruction raise #VC exception at exit
https://notcve.org/view.php?id=CVE-2024-25743
15 May 2024 — In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. En el kernel de Linux hasta 6.7.2, un hipervisor que no es de confianza puede inyectar interrupciones virtuales 0 y 14 en cualquier momento y puede activar el controlador de señales SIGFPE en aplicaciones de espacio de usuario. Esto afecta a AMD SEV-SNP y AMD SEV-ES. A vulnerability w... • https://bugzilla.redhat.com/show_bug.cgi?id=2270836 •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4777 – Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
https://notcve.org/view.php?id=CVE-2024-4777
14 May 2024 — Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Errores de seguridad de la memoria presentes en Firefox 125, Firefox ESR 115.10 y Thunderbird 115.10. Algunos de estos errores mostraron evidencia de corrupción de memoria y sup... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4770 – Mozilla: Use-after-free could occur when printing to PDF
https://notcve.org/view.php?id=CVE-2024-4770
14 May 2024 — When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Al guardar una página en PDF, ciertos estilos de fuente podrían haber provocado un posible bloqueo del use-after-free. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1893270 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4769 – Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
https://notcve.org/view.php?id=CVE-2024-4769
14 May 2024 — When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Al importar recursos utilizando Web Workers, los mensajes de error distinguirían la diferencia entre respuestas `aplicación/javascript` y respuestas sin script. Se podría haber abusado de esto para ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1886108 • CWE-351: Insufficient Type Distinction CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4768 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2024-4768
14 May 2024 — A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Un error en la interacción de las notificaciones emergentes con WebAuthn facilitó que un atacante engañara a un usuario para que concediera permisos. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886082 • CWE-281: Improper Preservation of Permissions CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4767 – Mozilla: IndexedDB files retained in private browsing mode
https://notcve.org/view.php?id=CVE-2024-4767
14 May 2024 — If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Si la preferencia `browser.privatebrowsing.autostart` está habilitada, los archivos IndexedDB no se eliminaron correctamente cuando se cerró la ventana. Esta preferencia está deshabilitada de forma predeterminada en Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33875
https://notcve.org/view.php?id=CVE-2024-33875
14 May 2024 — HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. La librería HDF5 hasta la versión 1.14.3 tiene un desbordamiento de búfer de almacenamiento dinámico en H5O__layout_encode en H5Olayout.c, lo que provoca la corrupción del puntero de instrucción. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33873
https://notcve.org/view.php?id=CVE-2024-33873
14 May 2024 — HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. La librería HDF5 hasta 1.14.3 tiene un desbordamiento de búfer de almacenamiento dinámico en H5D__scatter_mem en H5Dscatgath.c. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33874
https://notcve.org/view.php?id=CVE-2024-33874
14 May 2024 — HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. La librería HDF5 hasta 1.14.3 tiene un desbordamiento de búfer de almacenamiento dinámico en H5O__mtime_new_encode en H5Omtime.c. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32619
https://notcve.org/view.php?id=CVE-2024-32619
14 May 2024 — HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. La librería HDF5 hasta la versión 1.14.3 contiene un desbordamiento de búfer de almacenamiento dinámico en H5T_copy_reopen en H5T.c, lo que provoca la corrupción del puntero de instrucción. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-122: Heap-based Buffer Overflow •