CVSS: 10.0EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6604 – Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
https://notcve.org/view.php?id=CVE-2024-6604
09 Jul 2024 — Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1748105%2C1837550%2C1884266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6603 – Mozilla: Memory corruption in thread creation
https://notcve.org/view.php?id=CVE-2024-6603
09 Jul 2024 — In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. The Mozilla Foundation Security Advisory describes t... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895081 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6601 – Mozilla: Race condition in permission assignment
https://notcve.org/view.php?id=CVE-2024-6601
09 Jul 2024 — A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. The Mozilla Foundation Security Advisory describes this flaw as: A race condition could lead to a cross-origin container obtaining... • https://bugzilla.mozilla.org/show_bug.cgi?id=1890748 • CWE-281: Improper Preservation of Permissions CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.0EPSS: 0%CPEs: 36EXPL: 1CVE-2024-3596 – RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
https://notcve.org/view.php?id=CVE-2024-3596
09 Jul 2024 — RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. El protocolo RADIUS según RFC 2865 es susceptible a ataques de falsificación por parte de un atacante local que puede modificar cualquier respuesta válida (acceso-aceptación, acceso-rechazo o acceso-desafío) a cualquier otra respuesta... • https://github.com/alperenugurlu/CVE-2024-3596-Detector • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-328: Use of Weak Hash CWE-354: Improper Validation of Integrity Check Value CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-29508 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29508
03 Jul 2024 — Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.4EPSS: 0%CPEs: 32EXPL: 0CVE-2024-37370 – krb5: GSS message token handling
https://notcve.org/view.php?id=CVE-2024-37370
28 Jun 2024 — In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede modificar el campo Extra Count de texto plano de un token de envoltura GSS krb5 confidencial, lo que hace que el token desenvuelto aparezca truncado para la aplicación. A vulnerability was found in the MIT Kerberos 5 GSS k... • https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.4EPSS: 0%CPEs: 31EXPL: 0CVE-2024-37371 – krb5: GSS message token handling
https://notcve.org/view.php?id=CVE-2024-37371
28 Jun 2024 — In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede provocar lecturas de memoria no válidas durante el manejo de tokens de mensajes GSS al enviar tokens de mensajes con campos de longitud no válidos. A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the pla... • https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef • CWE-125: Out-of-bounds Read •
CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5700 – Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
https://notcve.org/view.php?id=CVE-2024-5700
11 Jun 2024 — Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Errores de seguridad de la memoria presentes en Firefox 126, Firefox ESR 115.11 y Thunderbird 115.11. Algunos de estos errores mostraron evidencia de corrupción de memoria y sup... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-786: Access of Memory Location Before Start of Buffer CWE-788: Access of Memory Location After End of Buffer •
CVSS: 8.6EPSS: 1%CPEs: 35EXPL: 0CVE-2024-5696 – Mozilla: Memory Corruption in Text Fragments
https://notcve.org/view.php?id=CVE-2024-5696
11 Jun 2024 — By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al manipular el texto en una etiqueta `<input>`, un atacante podría haber dañado la memoria y provocar un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1896555 • CWE-787: Out-of-bounds Write CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5693 – Mozilla: Cross-Origin Image leak via Offscreen Canvas
https://notcve.org/view.php?id=CVE-2024-5693
11 Jun 2024 — Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Offscreen Canvas no realizó un seguimiento adecuado de la contaminación de origen cruzado, que podría usarse para acceder a datos de imágenes de otro sitio en violación de la política del mismo origen. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR &l... • https://bugzilla.mozilla.org/show_bug.cgi?id=1891319 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •