CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21270
https://notcve.org/view.php?id=CVE-2024-21270
15 Oct 2024 — Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications Calendar accessible data as well as un... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21268
https://notcve.org/view.php?id=CVE-2024-21268
15 Oct 2024 — Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 9%CPEs: 36EXPL: 2CVE-2024-9680 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-9680
09 Oct 2024 — An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1. An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. • https://github.com/tdonaworth/Firefox-CVE-2024-9680 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2024-9402 – firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
https://notcve.org/view.php?id=CVE-2024-9402
01 Oct 2024 — Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: Memory safety bugs are present in Firefox 130, Firefox ESR... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-9401 – firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
https://notcve.org/view.php?id=CVE-2024-9401
01 Oct 2024 — Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 1... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-9400 – firefox: thunderbird: Potential memory corruption during JIT compilation
https://notcve.org/view.php?id=CVE-2024-9400
01 Oct 2024 — A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: A potential memory corruption vulnerability could be triggered if an attacker has the ability to trigger an OOM at a specific moment during JIT compilation. Multiple vulnerabilities have been discovered i... • https://bugzilla.mozilla.org/show_bug.cgi?id=1915249 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-9399 – firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service
https://notcve.org/view.php?id=CVE-2024-9399
01 Oct 2024 — A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process, leading to a denial of service condition. Multiple vulnerabilities have been discovered in Mozilla Thunder... • https://bugzilla.mozilla.org/show_bug.cgi?id=1907726 • CWE-404: Improper Resource Shutdown or Release CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2024-9398 – firefox: thunderbird: External protocol handlers could be enumerated via popups
https://notcve.org/view.php?id=CVE-2024-9398
01 Oct 2024 — By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handl... • https://bugzilla.mozilla.org/show_bug.cgi?id=1881037 • CWE-203: Observable Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 31EXPL: 0CVE-2024-9397 – firefox: thunderbird: Potential directory upload bypass via clickjacking
https://notcve.org/view.php?id=CVE-2024-9397
01 Oct 2024 — A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. Multiple security... • https://bugzilla.mozilla.org/show_bug.cgi?id=1916659 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-9396 – firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
https://notcve.org/view.php?id=CVE-2024-9396
01 Oct 2024 — It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to mem... • https://bugzilla.mozilla.org/show_bug.cgi?id=1912471 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •