9.8
CVE-2024-8385 - mozilla: WASM type confusion involving ArrayTypes
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
9.8
CVE-2024-8384 - mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Tβ¦
7.5
CVE-2024-8383 - mozilla: Firefox did not ask before openings news: links in an external application
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installβ¦
8.8
CVE-2024-8382 - mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener cβ¦
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had bβ¦
9.8
CVE-2024-8381 - mozilla: Type confusion when looking up a property name in a "with" block
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
7.5
CVE-2024-6232 - Regular-expression DoS when parsing TarFile headers
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
3.6
CVE-2024-45310 - runc can be confused to create empty files/directories on the host
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and β¦
8.4
CVE-2024-6473 - DLL Hijacking in Yandex Browser
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
9.1
CVE-2024-45588 - Information Disclosure Vulnerability
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could leadβ¦
9.1
CVE-2024-45587 - Unauthorized Modification Vulnerability
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coβ¦