CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46951 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46951
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46952 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46952
10 Nov 2024 — An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=708001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46953 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46953
10 Nov 2024 — An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707793 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46954 – Red Hat Security Advisory 2024-9552-03
https://notcve.org/view.php?id=CVE-2024-46954
10 Nov 2024 — An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. • https://bugs.ghostscript.com/show_bug.cgi?id=707788 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46955 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46955
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707990 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
30 Oct 2024 — A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. Se encontró un fallo en el servidor X.org. Debido a que el tamaño de asignación no se rastrea correctamente en _XkbSetCompatMap, un atacante local podría desencadenar una condición d... • https://access.redhat.com/security/cve/CVE-2024-9632 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10468 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-10468
29 Oct 2024 — Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1914982 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-10467 – firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
https://notcve.org/view.php?id=CVE-2024-10467
29 Oct 2024 — Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 131, Firefox ESR 128.... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-10466 – firefox: DOM push subscription message could hang Firefox
https://notcve.org/view.php?id=CVE-2024-10466
29 Oct 2024 — By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive. Multiple security issues were discovered in Firefox. If a user were tricked into ope... • https://bugzilla.mozilla.org/show_bug.cgi?id=1924154 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-10465 – firefox: thunderbird: Clipboard "paste" button persisted across tabs
https://notcve.org/view.php?id=CVE-2024-10465
29 Oct 2024 — A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information... • https://bugzilla.mozilla.org/show_bug.cgi?id=1918853 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •