CVE-2024-11705 – Ubuntu Security Notice USN-7134-1
https://notcve.org/view.php?id=CVE-2024-11705
26 Nov 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1921768 • CWE-476: NULL Pointer Dereference
CVE-2024-11697 – firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog
https://notcve.org/view.php?id=CVE-2024-11697
26 Nov 2024 — This could have led to malicious code execution. ... If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1842187 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-356: Product UI does not Warn User of Unsafe Actions
CVE-2024-11695 – firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
https://notcve.org/view.php?id=CVE-2024-11695
26 Nov 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1925496 • CWE-451: User Interface (UI) Misrepresentation of Critical Information • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2024-11694 – firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
https://notcve.org/view.php?id=CVE-2024-11694
26 Nov 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1924167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11701 – Ubuntu Security Notice USN-7134-1
https://notcve.org/view.php?id=CVE-2024-11701
26 Nov 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 • CWE-290: Authentication Bypass by Spoofing
CVE-2024-11692 – firefox: thunderbird: Select list elements could be shown over another site
https://notcve.org/view.php?id=CVE-2024-11692
26 Nov 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1909535 • CWE-290: Authentication Bypass by Spoofing • CWE-451: User Interface (UI) Misrepresentation of Critical Information
CVE-2023-1521 – Local Privilege Escalation in sccache
https://notcve.org/view.php?id=CVE-2023-1521
26 Nov 2024 — On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. • https://github.com/advisories/GHSA-x7fr-pg8f-93f5 • CWE-426: Untrusted Search Path
CVE-2024-9461 – Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings
https://notcve.org/view.php?id=CVE-2024-9461
26 Nov 2024 — The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/boldgrid-backup/tags/1.16.5/admin/class-boldgrid-backup-admin-settings.php#L748 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-53555
https://notcve.org/view.php?id=CVE-2024-53555
26 Nov 2024 — A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. • https://drive.google.com/file/d/1M4UjoTUqlPWLYjevCuE3WhdUqQkRj0-r/view?usp=drive_link • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2024-53619
https://notcve.org/view.php?id=CVE-2024-53619
26 Nov 2024 — An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. • https://grimthereaperteam.medium.com/spip-4-3-3-malicious-file-upload-xss-in-pdf-526c03bb1776 • CWE-434: Unrestricted Upload of File with Dangerous Type