CVSS: 6.4EPSS: 1%CPEs: 35EXPL: 0CVE-2024-5693 – Mozilla: Cross-Origin Image leak via Offscreen Canvas
https://notcve.org/view.php?id=CVE-2024-5693
11 Jun 2024 — Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Offscreen Canvas no realizó un seguimiento adecuado de la contaminación de origen cruzado, que podría usarse para acceder a datos de imágenes de otro sitio en violación de la política del mismo origen. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR &l... • https://bugzilla.mozilla.org/show_bug.cgi?id=1891319 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5691 – Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
https://notcve.org/view.php?id=CVE-2024-5691
11 Jun 2024 — By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al engañar al navegador con un encabezado `X-Frame-Options`, un iframe en espacio aislado podría haber presentado un botón que, si un usuario hiciera clic en él, evitaría las restricciones para abrir una nueva ventana. Esta vulnerabilidad a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1888695 • CWE-284: Improper Access Control CWE-693: Protection Mechanism Failure •
CVSS: 6.1EPSS: 4%CPEs: 36EXPL: 0CVE-2024-5690 – Mozilla: External protocol handlers leaked by timing attack
https://notcve.org/view.php?id=CVE-2024-5690
11 Jun 2024 — By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al monitorear el tiempo que toman ciertas operaciones, un atacante podría haber adivinado qué controladores de protocolos externos eran funcionales en el sistema de un usuario. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation S... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883693 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 8.1EPSS: 1%CPEs: 35EXPL: 0CVE-2024-5688 – Mozilla: Use-after-free in JavaScript object transplant
https://notcve.org/view.php?id=CVE-2024-5688
11 Jun 2024 — If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Si se activó una recolección de basura en el momento adecuado, podría haberse producido un use-after-free durante el trasplante de objetos. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895086 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5702 – Mozilla: Use-after-free in networking
https://notcve.org/view.php?id=CVE-2024-5702
11 Jun 2024 — Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. La corrupción de la memoria en la pila de red podría haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1193389 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-2698 – Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
https://notcve.org/view.php?id=CVE-2024-2698
11 Jun 2024 — A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match t... • https://access.redhat.com/errata/RHSA-2024:3754 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2024-5742 – Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
https://notcve.org/view.php?id=CVE-2024-5742
11 Jun 2024 — A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. Se encontró una vulnerabilidad en GNU Nano que permite una posible escalada de privilegios a través de un archivo temporal inseguro. Si Nano muere mientras edita, un archivo que guarda... • https://access.redhat.com/security/cve/CVE-2024-5742 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 8.5EPSS: 17%CPEs: 20EXPL: 1CVE-2024-3183 – Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
https://notcve.org/view.php?id=CVE-2024-3183
11 Jun 2024 — A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any princ... • https://github.com/Cyxow/CVE-2024-3183-POC • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 8.1EPSS: 0%CPEs: 25EXPL: 0CVE-2024-5564 – Libndp: buffer overflow in route information length field
https://notcve.org/view.php?id=CVE-2024-5564
31 May 2024 — A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. Se encontró una vulnerabilidad en libndp. Esta falla permite que un usuario malintencionado local provoque un desbordamiento del búfer en NetworkManager, provocado al enviar un paquete de publicidad de enrutador IPv6 con formato inco... • https://access.redhat.com/errata/RHSA-2024:4618 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.0EPSS: 0%CPEs: 28EXPL: 0CVE-2024-1298 – Integer Overflow caused by divide by zero during S3 suspension
https://notcve.org/view.php?id=CVE-2024-1298
30 May 2024 — EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. EDK2 contiene una vulnerabilidad cuando se activa la suspensión de S3 donde un atacante puede causar una división por cero debido a un desbordamiento de UNIT32 a través del acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de disponibilidad. A divi... • https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53 • CWE-369: Divide By Zero •