Page 20 of 242 results (0.013 seconds)

CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0

19 Mar 2024 — `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` y `AppendEncodedCharacters()` podrían haber experimentado desbordamientos de enteros, lo que provocó una asignación insuficiente de un bú... • https://bugzilla.mozilla.org/show_bug.cgi?id=1880692 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0

19 Mar 2024 — Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Se sobrescribieron los registros de retorno, lo que podría haber permitido a un atacante ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1879939 • CWE-123: Write-what-where Condition CWE-1262: Improper Access Control for Register Interface •

CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0

19 Mar 2024 — An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Un atacante podría haber aprovechado el Informe de errores de Windows para ejecutar código arbitrario en el sistema escapando del entorno limitado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1872920 •

CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0

14 Mar 2024 — Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de la información a través del estado de la microarquitectura después de la ejecución transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgación de info... • http://www.openwall.com/lists/oss-security/2024/03/12/13 • CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •

CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0

14 Mar 2024 — Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. La falla del mecanismo de protección en algunos procesadores Intel(R) Xeon(R) de tercera y cuarta generación cuando se utiliza Intel(R) SGX o Intel(R) TDX puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. A vulnerability ... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-693: Protection Mechanism Failure •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

14 Mar 2024 — Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. La falla del mecanismo de protección del regulador de bloqueo del bus para algunos procesadores Intel(R) puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio a través del acceso a la red. A vulnerability was found in the bus lock regulator mechanism for some Intel processors models. This issue m... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-693: Protection Mechanism Failure •

CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0

14 Mar 2024 — Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. El intercambio no transparente de objetivos de predicción de retorno entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado habilite potencialmente la divulgación de información a través del acceso local. A vulnerability was found in some Intel processors that may allow a malicious actor... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-1303: Non-Transparent Sharing of Microarchitectural Resources •

CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0

14 Mar 2024 — Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. El cálculo incorrecto en el mecanismo de codificación de microcódigo para algunos procesadores Intel(R) Xeon(R) D con Intel(R) SGX puede permitir que un usuario privilegiado habilite potencialmente la divulgación de información a través del acceso local. A vulnerability was found in some Intel Xeon D Processors... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-682: Incorrect Calculation •

CVSS: 5.7EPSS: 0%CPEs: 14EXPL: 2

13 Mar 2024 — A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Se ha revelado una vulnerabilidad de condición de ejecución especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecución especulativa (relacionada c... • https://github.com/vusec/ghostrace • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 3

10 Mar 2024 — libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). libexpat hasta 2.6.1 permite un ataque de expansión de entidad XML cuando hay un uso aislado de analizadores externos (creados a través de XML_ExternalEntityParserCreate). An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers. • https://github.com/RenukaSelvar/expat_CVE-2024-28757 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •