CVSS: 6.5EPSS: 2%CPEs: 32EXPL: 0CVE-2024-40776 – webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-40776
29 Jul 2024 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. • https://support.apple.com/en-us/HT214121 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 31EXPL: 0CVE-2024-40789 – Apple WebKit WebCodecs VideoFrame Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-40789
29 Jul 2024 — An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 23EXPL: 0CVE-2024-40785 – Apple Security Advisory 07-29-2024-7
https://notcve.org/view.php?id=CVE-2024-40785
29 Jul 2024 — This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. • https://support.apple.com/en-us/HT214121 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 36EXPL: 0CVE-2024-40780 – webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking
https://notcve.org/view.php?id=CVE-2024-40780
29 Jul 2024 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2024-40779 – webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking
https://notcve.org/view.php?id=CVE-2024-40779
29 Jul 2024 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 0CVE-2024-6655 – Gtk3: gtk2: library injection from cwd
https://notcve.org/view.php?id=CVE-2024-6655
16 Jul 2024 — A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges. • https://access.redhat.com/errata/RHSA-2024:6963 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6615 – Gentoo Linux Security Advisory 202412-04
https://notcve.org/view.php?id=CVE-2024-6615
09 Jul 2024 — Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128. Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1892875%2C1894428%2C1898364 • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6614 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6614
09 Jul 2024 — The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128. The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902983 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.3EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6613 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6613
09 Jul 2024 — The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128. The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1900523 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2024-6612 – Ubuntu Security Notice USN-6890-1
https://notcve.org/view.php?id=CVE-2024-6612
09 Jul 2024 — CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128. Las infracciones de CSP generaron enlaces en la pestaña de la consola de las herramientas de desarrollador, que apuntaban al recurso infractor. Esto provocó una captación previa de DNS que filtró que se había producido una infracción de CSP. • https://bugzilla.mozilla.org/show_bug.cgi?id=1880374 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •