CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2024-45619 – Libopensc: incorrect handling length of buffers or files in libopensc
https://notcve.org/view.php?id=CVE-2024-45619
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. • https://access.redhat.com/security/cve/CVE-2024-45619 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45618 – Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init
https://notcve.org/view.php?id=CVE-2024-45618
03 Sep 2024 — A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. • https://access.redhat.com/security/cve/CVE-2024-45618 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45617 – Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
https://notcve.org/view.php?id=CVE-2024-45617
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45617 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45616 – Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
https://notcve.org/view.php?id=CVE-2024-45616
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45616 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45615 – Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init
https://notcve.org/view.php?id=CVE-2024-45615
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to ot... • https://access.redhat.com/security/cve/CVE-2024-45615 • CWE-457: Use of Uninitialized Variable •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8387 – mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
https://notcve.org/view.php?id=CVE-2024-8387
03 Sep 2024 — Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could hav... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8386 – mozilla: SelectElements could be shown over another site if popups are allowed
https://notcve.org/view.php?id=CVE-2024-8386
03 Sep 2024 — If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. The Mozilla Foundation's Security Adviso... • https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 • CWE-290: Authentication Bypass by Spoofing CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8385 – mozilla: WASM type confusion involving ArrayTypes
https://notcve.org/view.php?id=CVE-2024-8385
03 Sep 2024 — A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. The Mozilla Foundation's Security Advisory: A difference in the handling of Struct... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911909 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8384 – mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions
https://notcve.org/view.php?id=CVE-2024-8384
03 Sep 2024 — The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. • https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-8383 – mozilla: Firefox did not ask before openings news: links in an external application
https://notcve.org/view.php?id=CVE-2024-8383
03 Sep 2024 — Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will This vulnerability af... • https://bugzilla.mozilla.org/show_bug.cgi?id=1908496 • CWE-862: Missing Authorization CWE-1188: Initialization of a Resource with an Insecure Default •