CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-6609 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6609
09 Jul 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1839258 •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6607 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6607
09 Jul 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1694513 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6606 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6606
09 Jul 2024 — Clipboard code failed to check the index on an array access. Clipboard code failed to check the index on an array access. Clipboard code failed to check the index on an array access. ... Clipboard code failed to check the index on an array access. ... Clipboard code failed to check the index on an array access. ... If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive info... • https://bugzilla.mozilla.org/show_bug.cgi?id=1902305 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6604 – Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
https://notcve.org/view.php?id=CVE-2024-6604
09 Jul 2024 — Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1748105%2C1837550%2C1884266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6603 – Mozilla: Memory corruption in thread creation
https://notcve.org/view.php?id=CVE-2024-6603
09 Jul 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895081 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0CVE-2024-6602 – Mozilla: Memory corruption in NSS
https://notcve.org/view.php?id=CVE-2024-6602
09 Jul 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6601 – Mozilla: Race condition in permission assignment
https://notcve.org/view.php?id=CVE-2024-6601
09 Jul 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1890748 • CWE-281: Improper Preservation of Permissions CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-6600 – Ubuntu Security Notice USN-6903-1
https://notcve.org/view.php?id=CVE-2024-6600
09 Jul 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1888340 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38363 – Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
https://notcve.org/view.php?id=CVE-2024-38363
09 Jul 2024 — Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. ... La imagen acoplable del generador de conexiones Airbyte es vulnerable a RCE a través de SSTI, lo que permite a un atacante remoto autenticado ejecutar código arbitrario en el servidor como usuario del servidor web. • https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39865
https://notcve.org/view.php?id=CVE-2024-39865
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). ... This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-434: Unrestricted Upload of File with Dangerous Type •