CVSS: 7.3EPSS: 0%CPEs: 16EXPL: 0CVE-2024-24853
https://notcve.org/view.php?id=CVE-2024-24853
14 Aug 2024 — Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html • CWE-696: Incorrect Behavior Order •
CVSS: 6.9EPSS: 0%CPEs: 15EXPL: 0CVE-2024-24980
https://notcve.org/view.php?id=CVE-2024-24980
14 Aug 2024 — Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html • CWE-693: Protection Mechanism Failure •
CVSS: 6.7EPSS: 0%CPEs: 15EXPL: 0CVE-2024-25939
https://notcve.org/view.php?id=CVE-2024-25939
14 Aug 2024 — Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html • CWE-1251: Mirrored Regions with Different Values •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7348 – PostgreSQL relation replacement during pg_dump executes arbitrary SQL
https://notcve.org/view.php?id=CVE-2024-7348
08 Aug 2024 — Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. A vulnerability was foun... • https://www.postgresql.org/support/security/CVE-2024-7348 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-7531 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-7531
06 Aug 2024 — Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change... • https://bugzilla.mozilla.org/show_bug.cgi?id=1905691 •
CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7529 – mozilla: Document content could partially obscure security prompts
https://notcve.org/view.php?id=CVE-2024-7529
06 Aug 2024 — The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903187 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7528 – mozilla: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2024-7528
06 Aug 2024 — Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895951 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7527 – mozilla: Use-after-free in JavaScript garbage collection
https://notcve.org/view.php?id=CVE-2024-7527
06 Aug 2024 — Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could h... • https://bugzilla.mozilla.org/show_bug.cgi?id=1871303 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7526 – mozilla: Uninitialized memory used by WebGL
https://notcve.org/view.php?id=CVE-2024-7526
06 Aug 2024 — ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. • https://bugzilla.mozilla.org/show_bug.cgi?id=1910306 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.4EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7525 – mozilla: Missing permission check when creating a StreamFilter
https://notcve.org/view.php?id=CVE-2024-7525
06 Aug 2024 — It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1... • https://bugzilla.mozilla.org/show_bug.cgi?id=1909298 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •