CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7518 – mozilla: Fullscreen notification dialog can be obscured by document content
https://notcve.org/view.php?id=CVE-2024-7518
06 Aug 2024 — Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. • https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 1%CPEs: 42EXPL: 0CVE-2024-40782 – webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management
https://notcve.org/view.php?id=CVE-2024-40782
29 Jul 2024 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21147 – OpenJDK: RangeCheckElimination array index overflow (8323231)
https://notcve.org/view.php?id=CVE-2024-21147
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 45EXPL: 0CVE-2024-21145 – OpenJDK: Out-of-bounds access in 2D image handling (8324559)
https://notcve.org/view.php?id=CVE-2024-21145
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for ... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21144 – OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
https://notcve.org/view.php?id=CVE-2024-21144
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized abili... • https://security.netapp.com/advisory/ntap-20240719-0007 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21140 – OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
https://notcve.org/view.php?id=CVE-2024-21140
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.7EPSS: 0%CPEs: 35EXPL: 0CVE-2024-21138 – OpenJDK: Excessive symbol length can lead to infinite loop (8319859)
https://notcve.org/view.php?id=CVE-2024-21138
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.7EPSS: 0%CPEs: 35EXPL: 0CVE-2024-21131 – OpenJDK: potential UTF8 size overflow (8314794)
https://notcve.org/view.php?id=CVE-2024-21131
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM... • https://security.netapp.com/advisory/ntap-20240719-0008 •
CVSS: 10.0EPSS: 0%CPEs: 39EXPL: 0CVE-2024-6345 – Remote Code Execution in pypa/setuptools
https://notcve.org/view.php?id=CVE-2024-6345
15 Jul 2024 — A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. Una vulnerabilidad en el módulo package_in... • https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 35EXPL: 0CVE-2024-6604 – Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
https://notcve.org/view.php?id=CVE-2024-6604
09 Jul 2024 — Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1748105%2C1837550%2C1884266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •