|
314841
|
9.8 |
CRITICAL
Network
|
mozilla
|
thunderbird
firefox_esr
firefox
|
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8387
|
2024-09-7 02:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314842
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
firefox_esr
|
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2…
|
CWE-843
Type Confusion
|
CVE-2024-8385
|
2024-09-7 02:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314843
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox_esr
firefox
|
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulner…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8384
|
2024-09-7 02:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314844
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox_esr
firefox
|
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < …
|
CWE-843
Type Confusion
|
CVE-2024-8381
|
2024-09-7 02:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314845
|
10.0 |
CRITICAL
Network
|
wpindeed
|
ultimate_membership_pro
|
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-43242
|
2024-09-7 01:57 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314846
|
7.5 |
HIGH
Network
|
raidenmaild
|
raidenmaild
|
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server.
|
CWE-22
Path Traversal
|
CVE-2024-7693
|
2024-09-7 01:51 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314847
|
- |
|
-
|
-
|
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access…
|
-
|
CVE-2024-45758
|
2024-09-7 01:46 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314848
|
- |
|
-
|
-
|
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two email…
|
-
|
CVE-2024-25584
|
2024-09-7 01:46 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314849
|
- |
|
-
|
-
|
`gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a…
|
-
|
CVE-2024-45405
|
2024-09-7 01:46 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314850
|
- |
|
-
|
-
|
Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=.
|
-
|
CVE-2024-44739
|
2024-09-7 01:46 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
