
CVE-2024-50216 – xfs: fix finding a last resort AG in xfs_filestream_pick_ag
https://notcve.org/view.php?id=CVE-2024-50216
09 Nov 2024 — But the loop for that uses args->pag as loop iterator while the later code expects pag to be set. ... An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/f8f1ed1ab3babad46b25e2dbe8de43b33fe7aaa6 •

CVE-2024-50215 – nvmet-auth: assign dh_key to NULL after kfree_sensitive
https://notcve.org/view.php?id=CVE-2024-50215
09 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/7a277c37d3522e9b2777d762bbbcecafae2b1f8d •

CVE-2024-50214 – drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()
https://notcve.org/view.php?id=CVE-2024-50214
09 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/abb6f74973e20956d42e8227dde6fb4e92502c14 •

CVE-2024-50213 – drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
https://notcve.org/view.php?id=CVE-2024-50213
09 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/4af70f19e55904147c0515ff874204a5306ac807 •

CVE-2024-50212 – lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
https://notcve.org/view.php?id=CVE-2024-50212
09 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a473573964e51dcb6efc182f773cd3924be4a184 •

CVE-2024-52004 – Remote code execution vulnerabilities in MediaCMS
https://notcve.org/view.php?id=CVE-2024-52004
08 Nov 2024 — MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. • https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2024-10547 – WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10547
08 Nov 2024 — The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wp-membership/10066554 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-10470 – WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion
https://notcve.org/view.php?id=CVE-2024-10470
08 Nov 2024 — The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)... • https://github.com/RandomRobbieBF/CVE-2024-10470 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-10586 – Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10586
08 Nov 2024 — The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to... • https://github.com/RandomRobbieBF/CVE-2024-10586 • CWE-862: Missing Authorization •

CVE-2024-50211 – udf: refactor inode_bmap() to handle error
https://notcve.org/view.php?id=CVE-2024-50211
08 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/493447dd8336607fce426f7879e581095f6c606e •