CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53100 – nvme: tcp: avoid race between queue_lock lock and destroy
https://notcve.org/view.php?id=CVE-2024-53100
25 Nov 2024 — = lock) WARNING: CPU: 3 PID: 34077 at kernel/locking/mutex.c:587 __mutex_lock+0xcf0/0x1220 Modules linked in: nvmet_tcp nvmet nvme_tcp nvme_fabrics iw_cm ib_cm ib_core pktcdvd nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr sunrpc ppdev 9pnet_virtio 9pnet pcspkr netfs parport_pc parport e1000 i2c_piix4 i2c_smbus loop fuse nfnetlink zram bochs drm_vram_helper dr... • https://git.kernel.org/stable/c/4f946479b326a3cbb193f2b8368aed9269514c35 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53099 – bpf: Check validity of link->type in bpf_link_show_fdinfo()
https://notcve.org/view.php?id=CVE-2024-53099
25 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/79f87a6ec39fb5968049a6775a528bf58b25c20a •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53098 – drm/xe/ufence: Prefetch ufence addr to catch bogus address
https://notcve.org/view.php?id=CVE-2024-53098
25 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53097 – mm: krealloc: Fix MTE false alarm in __do_krealloc
https://notcve.org/view.php?id=CVE-2024-53097
25 Nov 2024 — The original code only considered software-based KASAN and did not account for MTE. ... The original code only considered software-based KASAN and did not account for MTE. ... An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a543785856249a5ba8c20468098601c0c33b1224 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53268 – Lack of validation on openExternal allows 1 click remote code execution in joplin
https://notcve.org/view.php?id=CVE-2024-53268
25 Nov 2024 — In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. • https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11002 – InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template
https://notcve.org/view.php?id=CVE-2024-11002
25 Nov 2024 — The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/inpost-gallery/trunk/index.php#L323 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2024-10542 – Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2024-10542
25 Nov 2024 — The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated... • https://github.com/FoKiiin/CVE-2024-10542 • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11660 – code-projects Farmacia usuario.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11660
25 Nov 2024 — A vulnerability was found in code-projects Farmacia 1.0. ... Es wurde eine Schwachstelle in code-projects Farmacia 1.0 ausgemacht. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50672
https://notcve.org/view.php?id=CVE-2024-50672
25 Nov 2024 — Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application. • https://github.com/adaptlearning/adapt_authoring • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53554
https://notcve.org/view.php?id=CVE-2024-53554
25 Nov 2024 — A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. • https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •