
CVE-2024-53093 – nvme-multipath: defer partition scanning
https://notcve.org/view.php?id=CVE-2024-53093
21 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/60de2e03f984cfbcdc12fa552f95087c35a05a98 •

CVE-2024-53091 – bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx
https://notcve.org/view.php?id=CVE-2024-53091
21 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/94531cfcbe79c3598acf96806627b2137ca32eb9 •

CVE-2024-53089 – LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
https://notcve.org/view.php?id=CVE-2024-53089
21 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/fa96b57c149061f71a70bd6582d995f6424fbbf4 •

CVE-2024-52799 – Argo Workflows Chart: Excessive Privileges in Workflow Role
https://notcve.org/view.php?id=CVE-2024-52799
21 Nov 2024 — Prior to 0.44.0, the workflow-role has excessive privileges. The worst is create pods/exec, which allows kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. • https://github.com/argoproj/argo-helm/security/advisories/GHSA-fgrf-2886-4q7m • CWE-250: Execution with Unnecessary Privileges • CWE-1220: Insufficient Granularity of Access Control •

CVE-2024-11587 – idcCMS classProvCity.php GetCityOptionJs cross site scripting
https://notcve.org/view.php?id=CVE-2024-11587
21 Nov 2024 — A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?id.285657 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-11320 – Command Injection leading to RCE via LDAP Misconfiguration
https://notcve.org/view.php?id=CVE-2024-11320
21 Nov 2024 — Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. • https://packetstorm.news/files/id/183465 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-11526 – IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11526
21 Nov 2024 — IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1539 • CWE-125: Out-of-bounds Read •

CVE-2024-11506 – IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11506
21 Nov 2024 — IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1594 • CWE-125: Out-of-bounds Read •

CVE-2024-11532 – IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11532
21 Nov 2024 — IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1587 • CWE-787: Out-of-bounds Write •

CVE-2024-11548 – IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11548
21 Nov 2024 — IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1545 • CWE-787: Out-of-bounds Write •