CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43892 – memcg: protect concurrent access to mem_cgroup_idr
https://notcve.org/view.php?id=CVE-2024-43892
26 Aug 2024 — These crashes were in different part of list_lru code including list_lru_add(), list_lru_del() and reparenting code. ... These crashes were in different part of list_lru code including list_lru_add(), list_lru_del() and reparenting code. ... An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/73f576c04b9410ed19660f74f97521bee6e1c546 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43890 – tracing: Fix overflow in get_free_elt()
https://notcve.org/view.php?id=CVE-2024-43890
26 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/08d43a5fa063e03c860f2f391a30c388bcbc948e •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43889 – padata: Fix possible divide-by-0 panic in padata_mt_helper()
https://notcve.org/view.php?id=CVE-2024-43889
26 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/004ed42638f4428e70ead59d170f3d17ff761a0f • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43884 – Bluetooth: MGMT: Add error handling to pair_device()
https://notcve.org/view.php?id=CVE-2024-43884
26 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/5157b8a503fa834e8569c7fed06981e3d3d53db0 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-45256 – BYOB Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-45256
26 Aug 2024 — An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py. • https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43957 – WordPress Animated Number Counters plugin <= 1.9 - Editor+ Limited Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43957
26 Aug 2024 — This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/animated-number-counters/wordpress-animated-number-counters-plugin-1-9-editor-limited-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34087
https://notcve.org/view.php?id=CVE-2024-34087
26 Aug 2024 — An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request. • https://themodernham.com/bbs-hacking-discovering-rce-within-bpq32-seh-based-buffer-overflow • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42788
https://notcve.org/view.php?id=CVE-2024-42788
26 Aug 2024 — This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields. • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41285
https://notcve.org/view.php?id=CVE-2024-41285
26 Aug 2024 — A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. • https://gist.github.com/Giles-one/834b2becd7abebc3cabea0484301d149 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42789
https://notcve.org/view.php?id=CVE-2024-42789
26 Aug 2024 — This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •