CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53105 – mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
https://notcve.org/view.php?id=CVE-2024-53105
02 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag at free_pages_prepare() stage: BUG: Bad page state in process syz.5.504 pfn:61f45 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45 flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000... • https://git.kernel.org/stable/c/b109b87050df5438ee745b2bddfa3587970025bb •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53104 – Linux Kernel Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-53104
02 Dec 2024 — An attacker who is able to influence the format of video streams captured by a system's USB video device could exploit this flaw to alter system memory and potentially escalate their privileges or execute arbitrary code. • https://git.kernel.org/stable/c/c0efd232929c2cd87238de2cccdaf4e845be5b0c • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11950 – XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11950
02 Dec 2024 — XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1640 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29645
https://notcve.org/view.php?id=CVE-2024-29645
02 Dec 2024 — Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. • https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-51768 – Hewlett Packard Enterprise AutoPass License Server hsqldb Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51768
02 Dec 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise AutoPass License Server. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-53375 – TP-Link Archer Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-53375
02 Dec 2024 — Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. ... Las vulnerabilidades de ejecución remota de código (RCE) autenticada afectan a los enrutadores de las series Archer, Deco y Tapo de TP-Link. ... An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. • https://packetstorm.news/files/id/183288 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51815 – WordPress s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241114 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-51815
02 Dec 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114. The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (Pro) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 241114. This makes it possible for unauthenticated attackers... • https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53811 – WordPress WDesignKit plugin <= 1.0.40 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-53811
02 Dec 2024 — The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.40. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wdesignkit/vulnerability/wordpress-wdesignkit-plugin-1-0-40-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53822 – WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-53822
02 Dec 2024 — The Pie Register Premium plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to 3.8.3.3 (exclusive). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/pie-register-premium/vulnerability/wordpress-pie-register-premium-plugin-3-8-3-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53564
https://notcve.org/view.php?id=CVE-2024-53564
02 Dec 2024 — An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute arbitrary code via uploading a crafted file. • https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903 • CWE-434: Unrestricted Upload of File with Dangerous Type •