CVE-2024-7525 – mozilla: Missing permission check when creating a StreamFilter
https://notcve.org/view.php?id=CVE-2024-7525
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1909298 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVE-2024-7524 – mozilla: CSP strict-dynamic bypass using web-compatibility shims
https://notcve.org/view.php?id=CVE-2024-7524
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1909241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7522 – mozilla: Out of bounds read in editor component
https://notcve.org/view.php?id=CVE-2024-7522
06 Aug 2024 — The Mozilla Foundation Security Advisory describes this flaw as: Editor code failed to check an attribute value. ... If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1906727 • CWE-125: Out-of-bounds Read •
CVE-2024-7521 – mozilla: Incomplete WebAssembly exception handling
https://notcve.org/view.php?id=CVE-2024-7521
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904644 • CWE-416: Use After Free CWE-755: Improper Handling of Exceptional Conditions •
CVE-2024-7520 – mozilla: Type confusion in WebAssembly
https://notcve.org/view.php?id=CVE-2024-7520
06 Aug 2024 — The Mozilla Foundation Security Advisory describes this flaw as: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903041 •
CVE-2024-7519 – mozilla: Out of bounds memory access in graphics shared memory handling
https://notcve.org/view.php?id=CVE-2024-7519
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902307 • CWE-787: Out-of-bounds Write •
CVE-2024-7518 – mozilla: Fullscreen notification dialog can be obscured by document content
https://notcve.org/view.php?id=CVE-2024-7518
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2024-7009 – Calibre SQL Injection
https://notcve.org/view.php?id=CVE-2024-7009
06 Aug 2024 — Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. ... Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution. • https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7008 – Calibre Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-7008
06 Aug 2024 — Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution. • https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6782 – Calibre Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6782
06 Aug 2024 — Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution. ... Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution. • https://packetstorm.news/files/id/181540 • CWE-863: Incorrect Authorization •