CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8382 – mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
https://notcve.org/view.php?id=CVE-2024-8382
03 Sep 2024 — Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. Internal browser event interfaces were exposed to web content wh... • https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 • CWE-273: Improper Check for Dropped Privileges CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8381 – mozilla: Type confusion when looking up a property name in a "with" block
https://notcve.org/view.php?id=CVE-2024-8381
03 Sep 2024 — A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. The M... • https://bugzilla.mozilla.org/show_bug.cgi?id=1912715 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-31356 – kernel: hw:amd: Incomplete system memory cleanup in SEV firmware corrupt guest private memory
https://notcve.org/view.php?id=CVE-2023-31356
13 Aug 2024 — Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. A flaw was found in hw in the SNP-SEV firmware. This flaw could allow a privileged attacker to corrupt a guest's private memory, potentially resulting in the loss of data integrity of the guest. Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of... • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-459: Incomplete Cleanup •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20584 – kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity
https://notcve.org/view.php?id=CVE-2023-20584
13 Aug 2024 — IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially ... • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-7006 – Libtiff: null pointer dereference in tif_dirinfo.c
https://notcve.org/view.php?id=CVE-2024-7006
08 Aug 2024 — A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2024-7006 • CWE-476: NULL Pointer Dereference CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7348 – PostgreSQL relation replacement during pg_dump executes arbitrary SQL
https://notcve.org/view.php?id=CVE-2024-7348
08 Aug 2024 — Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. A vulnerability was foun... • https://www.postgresql.org/support/security/CVE-2024-7348 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7529 – mozilla: Document content could partially obscure security prompts
https://notcve.org/view.php?id=CVE-2024-7529
06 Aug 2024 — The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903187 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7528 – mozilla: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2024-7528
06 Aug 2024 — Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895951 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7527 – mozilla: Use-after-free in JavaScript garbage collection
https://notcve.org/view.php?id=CVE-2024-7527
06 Aug 2024 — Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could h... • https://bugzilla.mozilla.org/show_bug.cgi?id=1871303 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7526 – mozilla: Uninitialized memory used by WebGL
https://notcve.org/view.php?id=CVE-2024-7526
06 Aug 2024 — ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. • https://bugzilla.mozilla.org/show_bug.cgi?id=1910306 • CWE-908: Use of Uninitialized Resource •