CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-10463 – firefox: thunderbird: Cross origin video frame leak
https://notcve.org/view.php?id=CVE-2024-10463
29 Oct 2024 — Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Video frames could have been leaked between origins in some situations. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1920800 • CWE-203: Observable Discrepancy CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-10462 – firefox: thunderbird: Origin of permission prompt could be spoofed by long URL
https://notcve.org/view.php?id=CVE-2024-10462
29 Oct 2024 — Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Truncation of a long URL could have allowed origin spoofing in a permission prompt. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1920423 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.4EPSS: 0%CPEs: 31EXPL: 0CVE-2024-10461 – firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
https://notcve.org/view.php?id=CVE-2024-10461
29 Oct 2024 — In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header is not respected and does not force a download, which could allow cross-site scripting (... • https://bugzilla.mozilla.org/show_bug.cgi?id=1914521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-44244 – webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2024-44244
28 Oct 2024 — A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. • https://support.apple.com/en-us/121563 • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-9050 – Networkmanager-libreswan: local privilege escalation via leftupdown
https://notcve.org/view.php?id=CVE-2024-9050
22 Oct 2024 — A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to speci... • https://access.redhat.com/errata/RHSA-2024:8312 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9774 – Python-sql: python-sql unary operators does not escape non-expression
https://notcve.org/view.php?id=CVE-2024-9774
22 Oct 2024 — A vulnerability was found in python-sql where unary operators do not escape non-Expression. Se encontró una vulnerabilidad en python-sql donde los operadores unarios no escapan a expresiones no expresadas. Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection. • https://discuss.tryton.org/t/security-release-for-issue-93/7889/3 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-22034 – Crafted projects can overwrite special files in the .osc config directory
https://notcve.org/view.php?id=CVE-2024-22034
16 Oct 2024 — Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim Los atacantes podrían colocar los archivos especiales en .osc en las fuentes del paquete real (por ejemplo, _apiurl). Esto permite al atacante cambiar la configuración de osc para la víctima. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034 •
CVSS: 6.8EPSS: 2%CPEs: 38EXPL: 0CVE-2024-9676 – Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
https://notcve.org/view.php?id=CVE-2024-9676
15 Oct 2024 — A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to r... • https://access.redhat.com/errata/RHSA-2024:10289 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 0%CPEs: 11EXPL: 0CVE-2024-48949 – elliptic: Missing Validation in Elliptic's EDDSA Signature Verification
https://notcve.org/view.php?id=CVE-2024-48949
10 Oct 2024 — The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order. An update for the grafana:7.3.6 module is now available for Red ... • https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-48957
https://notcve.org/view.php?id=CVE-2024-48957
10 Oct 2024 — execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. • https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 • CWE-125: Out-of-bounds Read •