CVE-2024-6604 – Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
https://notcve.org/view.php?id=CVE-2024-6604
09 Jul 2024 — Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1748105%2C1837550%2C1884266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6603 – Mozilla: Memory corruption in thread creation
https://notcve.org/view.php?id=CVE-2024-6603
09 Jul 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895081 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-823: Use of Out-of-range Pointer Offset
CVE-2024-6602 – Mozilla: Memory corruption in NSS
https://notcve.org/view.php?id=CVE-2024-6602
09 Jul 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-6601 – Mozilla: Race condition in permission assignment
https://notcve.org/view.php?id=CVE-2024-6601
09 Jul 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1890748 • CWE-281: Improper Preservation of Permissions • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-6600 – Ubuntu Security Notice USN-6903-1
https://notcve.org/view.php?id=CVE-2024-6600
09 Jul 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1888340 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-38363 – Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
https://notcve.org/view.php?id=CVE-2024-38363
09 Jul 2024 — Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. ... • https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
CVE-2024-39865
https://notcve.org/view.php?id=CVE-2024-39865
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). ... This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-39571
https://notcve.org/view.php?id=CVE-2024-39571
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). ... This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-928781.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-39570
https://notcve.org/view.php?id=CVE-2024-39570
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). ... This could allow an authenticated attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-928781.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-39569
https://notcve.org/view.php?id=CVE-2024-39569
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). ... This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system. • https://cert-portal.siemens.com/productcert/html/ssa-868282.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')