CVSS: 7.5EPSS: %CPEs: 13EXPL: 0CVE-2024-36472 – gnome-shell: code execution in portal helper
https://notcve.org/view.php?id=CVE-2024-36472
28 May 2024 — In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. En GNOME Shell hasta la versión 45.7, se puede iniciar automáticamente un asistente de portal (sin confirmación del usuario) en función de las resp... • https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page CWE-346: Origin Validation Error •
CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-47169
https://notcve.org/view.php?id=CVE-2023-47169
16 May 2024 — Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. Las restricciones incorrectas del búfer en todas las versiones del software Intel(R) Media SDK pueden permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.9EPSS: 0%CPEs: 16EXPL: 0CVE-2023-47282
https://notcve.org/view.php?id=CVE-2023-47282
16 May 2024 — Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. La escritura fuera de los límites en Intel(R) Media SDK en todas las versiones y en algunos software Intel(R) oneVPL anteriores a la versión 23.3.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-787: Out-of-bounds Write •
CVSS: 3.9EPSS: 0%CPEs: 16EXPL: 0CVE-2023-22656
https://notcve.org/view.php?id=CVE-2023-22656
16 May 2024 — Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. La lectura fuera de los límites en Intel(R) Media SDK y algún software Intel(R) oneVPL anterior a la versión 23.3.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-125: Out-of-bounds Read •
CVSS: 4.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-45221
https://notcve.org/view.php?id=CVE-2023-45221
16 May 2024 — Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en Intel(R) Media SDK en todas las versiones pueden permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 15EXPL: 0CVE-2023-48368
https://notcve.org/view.php?id=CVE-2023-48368
16 May 2024 — Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. La validación de entrada incorrecta en todas las versiones del software Intel(R) Media SDK puede permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4777 – Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
https://notcve.org/view.php?id=CVE-2024-4777
14 May 2024 — Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Errores de seguridad de la memoria presentes en Firefox 125, Firefox ESR 115.10 y Thunderbird 115.10. Algunos de estos errores mostraron evidencia de corrupción de memoria y sup... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4770 – Mozilla: Use-after-free could occur when printing to PDF
https://notcve.org/view.php?id=CVE-2024-4770
14 May 2024 — When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Al guardar una página en PDF, ciertos estilos de fuente podrían haber provocado un posible bloqueo del use-after-free. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1893270 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4769 – Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
https://notcve.org/view.php?id=CVE-2024-4769
14 May 2024 — When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Al importar recursos utilizando Web Workers, los mensajes de error distinguirían la diferencia entre respuestas `aplicación/javascript` y respuestas sin script. Se podría haber abusado de esto para ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1886108 • CWE-351: Insufficient Type Distinction CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-4768 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2024-4768
14 May 2024 — A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Un error en la interacción de las notificaciones emergentes con WebAuthn facilitó que un atacante engañara a un usuario para que concediera permisos. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886082 • CWE-281: Improper Preservation of Permissions CWE-451: User Interface (UI) Misrepresentation of Critical Information •