CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-7788 – Signatures in "repair mode" should not be trusted
https://notcve.org/view.php?id=CVE-2024-7788
17 Sep 2024 — Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5. It was discovered that LibreOffice would incorrectly handle digital signature verification after repairing a corrupted document. A remote attacker could possibly use this issue to forge valid signatures. • https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 0%CPEs: 35EXPL: 0CVE-2024-44187 – webkitgtk: A malicious website may exfiltrate data cross-origin
https://notcve.org/view.php?id=CVE-2024-44187
16 Sep 2024 — A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. A vulnerability was found in WebKit. • https://support.apple.com/en-us/121238 • CWE-346: Origin Validation Error •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23984 – Ubuntu Security Notice USN-7033-1
https://notcve.org/view.php?id=CVE-2024-23984
16 Sep 2024 — Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controller when using Intel SGX. This may allow a local privileged attacker to further escalate their privileges. It was discovered that some 4th and 5th Generation Intel Xeon Processors did not properly implement finite... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html • CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 0%CPEs: 15EXPL: 0CVE-2024-24968 – microcode_ctl: Denial of Service
https://notcve.org/view.php?id=CVE-2024-24968
16 Sep 2024 — Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access. A flaw was found in intel Processors. Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to enable a denial of service via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controlle... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html • CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45751 – Ubuntu Security Notice USN-7024-1
https://notcve.org/view.php?id=CVE-2024-45751
06 Sep 2024 — tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. • https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44082 – openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data
https://notcve.org/view.php?id=CVE-2024-44082
05 Sep 2024 — In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. A vulnerability was foun... • https://bugs.launchpad.net/ironic/+bug/2071740 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45230 – python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://notcve.org/view.php?id=CVE-2024-45230
04 Sep 2024 — An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. A flaw was found in Python's Django urlize() and urlizetrunc() functions. Excessive input with a specific sequence of characters may lead to denial of service. It was discovered that Django incorrectly handled certain inputs. • https://docs.djangoproject.com/en/dev/releases/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45231 – Ubuntu Security Notice USN-6987-1
https://notcve.org/view.php?id=CVE-2024-45231
04 Sep 2024 — An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django... • https://docs.djangoproject.com/en/dev/releases/security • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8389 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-8389
03 Sep 2024 — Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130. Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 115.15.0:115 are affected. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1907230%2C1909367 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8387 – mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
https://notcve.org/view.php?id=CVE-2024-8387
03 Sep 2024 — Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could hav... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •