CVSS: 9.8EPSS: %CPEs: 4EXPL: 0CVE-2024-9370 – Debian Security Advisory 5781-1
https://notcve.org/view.php?id=CVE-2024-9370
03 Oct 2024 — This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-33662
https://notcve.org/view.php?id=CVE-2024-33662
02 Oct 2024 — Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. • https://github.com/portainer/portainer/compare/2.20.1...2.20.2 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.7EPSS: 0%CPEs: 21EXPL: 0CVE-2024-9407 – Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction
https://notcve.org/view.php?id=CVE-2024-9407
01 Oct 2024 — A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source di... • https://access.redhat.com/security/cve/CVE-2024-9407 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 23EXPL: 0CVE-2024-9341 – Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
https://notcve.org/view.php?id=CVE-2024-9341
01 Oct 2024 — A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. Red Hat OpenShift Container Platform release 4.15.... • https://access.redhat.com/security/cve/CVE-2024-9341 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2024-9355 – Golang-fips: golang fips zeroed buffer
https://notcve.org/view.php?id=CVE-2024-9355
01 Oct 2024 — A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This... • https://access.redhat.com/security/cve/CVE-2024-9355 • CWE-457: Use of Uninitialized Variable •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2024-9402 – firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
https://notcve.org/view.php?id=CVE-2024-9402
01 Oct 2024 — Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: Memory safety bugs are present in Firefox 130, Firefox ESR... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-9401 – firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
https://notcve.org/view.php?id=CVE-2024-9401
01 Oct 2024 — Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 1... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-9400 – firefox: thunderbird: Potential memory corruption during JIT compilation
https://notcve.org/view.php?id=CVE-2024-9400
01 Oct 2024 — A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: A potential memory corruption vulnerability could be triggered if an attacker has the ability to trigger an OOM at a specific moment during JIT compilation. Multiple vulnerabilities have been discovered i... • https://bugzilla.mozilla.org/show_bug.cgi?id=1915249 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-9399 – firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service
https://notcve.org/view.php?id=CVE-2024-9399
01 Oct 2024 — A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process, leading to a denial of service condition. Multiple vulnerabilities have been discovered in Mozilla Thunder... • https://bugzilla.mozilla.org/show_bug.cgi?id=1907726 • CWE-404: Improper Resource Shutdown or Release CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2024-9398 – firefox: thunderbird: External protocol handlers could be enumerated via popups
https://notcve.org/view.php?id=CVE-2024-9398
01 Oct 2024 — By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handl... • https://bugzilla.mozilla.org/show_bug.cgi?id=1881037 • CWE-203: Observable Discrepancy •