CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7526 – mozilla: Uninitialized memory used by WebGL
https://notcve.org/view.php?id=CVE-2024-7526
06 Aug 2024 — ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. • https://bugzilla.mozilla.org/show_bug.cgi?id=1910306 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.4EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7525 – mozilla: Missing permission check when creating a StreamFilter
https://notcve.org/view.php?id=CVE-2024-7525
06 Aug 2024 — It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1... • https://bugzilla.mozilla.org/show_bug.cgi?id=1909298 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7524 – mozilla: CSP strict-dynamic bypass using web-compatibility shims
https://notcve.org/view.php?id=CVE-2024-7524
06 Aug 2024 — Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Firefo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1909241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7522 – mozilla: Out of bounds read in editor component
https://notcve.org/view.php?id=CVE-2024-7522
06 Aug 2024 — Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Editor code failed to check an attribute value. This could have led to an out-of-bounds read. • https://bugzilla.mozilla.org/show_bug.cgi?id=1906727 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7521 – mozilla: Incomplete WebAssembly exception handing
https://notcve.org/view.php?id=CVE-2024-7521
06 Aug 2024 — Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Incomplete WebAssembly exception handing could have led to a use-after-f... • https://bugzilla.mozilla.org/show_bug.cgi?id=1904644 • CWE-416: Use After Free CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7520 – mozilla: Type confusion in WebAssembly
https://notcve.org/view.php?id=CVE-2024-7520
06 Aug 2024 — A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: A type confusion bug in WebAssembly could be leveraged by an attacker to po... • https://bugzilla.mozilla.org/show_bug.cgi?id=1903041 •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7519 – mozilla: Out of bounds memory access in graphics shared memory handling
https://notcve.org/view.php?id=CVE-2024-7519
06 Aug 2024 — Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902307 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7518 – mozilla: Fullscreen notification dialog can be obscured by document content
https://notcve.org/view.php?id=CVE-2024-7518
06 Aug 2024 — Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. • https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1CVE-2024-7055 – FFmpeg pnmdec.c pnm_decode_frame heap-based overflow
https://notcve.org/view.php?id=CVE-2024-7055
06 Aug 2024 — A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. • https://ffmpeg.org • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2024-7409 – Qemu: denial of service via improper synchronization in qemu nbd server during socket closure
https://notcve.org/view.php?id=CVE-2024-7409
05 Aug 2024 — A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. Red Hat OpenShift Container Platform release 4.16.25 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include bypass and denial of service vulnerabilities. • https://access.redhat.com/security/cve/CVE-2024-7409 • CWE-662: Improper Synchronization •