CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4770 – Mozilla: Use-after-free could occur when printing to PDF
https://notcve.org/view.php?id=CVE-2024-4770
14 May 2024 — When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Al guardar una página en PDF, ciertos estilos de fuente podrían haber provocado un posible bloqueo del use-after-free. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1893270 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4769 – Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
https://notcve.org/view.php?id=CVE-2024-4769
14 May 2024 — When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Al importar recursos utilizando Web Workers, los mensajes de error distinguirían la diferencia entre respuestas `aplicación/javascript` y respuestas sin script. Se podría haber abusado de esto para ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1886108 • CWE-351: Insufficient Type Distinction CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4768 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2024-4768
14 May 2024 — A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Un error en la interacción de las notificaciones emergentes con WebAuthn facilitó que un atacante engañara a un usuario para que concediera permisos. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886082 • CWE-281: Improper Preservation of Permissions CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4767 – Mozilla: IndexedDB files retained in private browsing mode
https://notcve.org/view.php?id=CVE-2024-4767
14 May 2024 — If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Si la preferencia `browser.privatebrowsing.autostart` está habilitada, los archivos IndexedDB no se eliminaron correctamente cuando se cerró la ventana. Esta preferencia está deshabilitada de forma predeterminada en Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2024-26306 – iperf3: vulnerable to marvin attack if the authentication option is used
https://notcve.org/view.php?id=CVE-2024-26306
13 May 2024 — iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. iPerf3 anterior a 3.17, cuando se usa con OpenSSL anterior a 3.2.0 como servidor con autenticación RSA, permite un canal late... • https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-34459 – Ubuntu Security Notice USN-7240-1
https://notcve.org/view.php?id=CVE-2024-34459
13 May 2024 — An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Se descubrió un problema en xmllint (de libxml2) anterior a 2.11.8 y 2.12.x anterior a 2.12.7. Formatear mensajes de error con xmllint --htmlout puede provocar una lectura excesiva del búfer en xmlHTMLPrintFileContext en xmllint.c. It was discovered that libxml2 incorrectly handled certain memory o... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33875
https://notcve.org/view.php?id=CVE-2024-33875
09 May 2024 — HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. La librería HDF5 hasta la versión 1.14.3 tiene un desbordamiento de búfer de almacenamiento dinámico en H5O__layout_encode en H5Olayout.c, lo que provoca la corrupción del puntero de instrucción. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33874
https://notcve.org/view.php?id=CVE-2024-33874
09 May 2024 — HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. La librería HDF5 hasta 1.14.3 tiene un desbordamiento de búfer de almacenamiento dinámico en H5O__mtime_new_encode en H5Omtime.c. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33873
https://notcve.org/view.php?id=CVE-2024-33873
09 May 2024 — HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. La librería HDF5 hasta 1.14.3 tiene un desbordamiento de búfer de almacenamiento dinámico en H5D__scatter_mem en H5Dscatgath.c. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32620
https://notcve.org/view.php?id=CVE-2024-32620
09 May 2024 — HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer. La librería HDF5 hasta la versión 1.14.3 contiene un búfer basado en montón sobreleído en H5F_addr_decode_len en H5Fint.c, lo que provoca la corrupción del puntero de instrucción. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-122: Heap-based Buffer Overflow •