CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43880 – mlxsw: spectrum_acl_erp: Fix object nesting warning
https://notcve.org/view.php?id=CVE-2024-43880
21 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/9069a3817d82b01b3a55da382c774e3575946130 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43879 – wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
https://notcve.org/view.php?id=CVE-2024-43879
21 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c4cbaf7973a794839af080f13748335976cf3f3f • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43875 – PCI: endpoint: Clean up error handling in vpci_scan_bus()
https://notcve.org/view.php?id=CVE-2024-43875
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021) Instead of printing an error message and then crashing we should return an error code and clean up. In the Linux kernel, the following vulnerability has been resolved: PCI:... • https://git.kernel.org/stable/c/e2b6ef72b7aea9d7d480d2df499bcd1c93247abb •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43873 – vhost/vsock: always initialize seqpacket_allow
https://notcve.org/view.php?id=CVE-2024-43873
21 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/ced7b713711fdd8f99d8d04dc53451441d194c60 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43871 – devres: Fix memory leakage caused by driver API devm_free_percpu()
https://notcve.org/view.php?id=CVE-2024-43871
21 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/ff86aae3b4112b85d2231c23bccbc49589df1c06 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43870 – perf: Fix event leak upon exit
https://notcve.org/view.php?id=CVE-2024-43870
21 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43869 – perf: Fix event leak upon exec and file release
https://notcve.org/view.php?id=CVE-2024-43869
21 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41572
https://notcve.org/view.php?id=CVE-2024-41572
21 Aug 2024 — Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites. • https://medium.com/%40ChadSecurity/cve-2024-41572-68397fae354b •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42781
https://notcve.org/view.php?id=CVE-2024-42781
21 Aug 2024 — A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42778
https://notcve.org/view.php?id=CVE-2024-42778
21 Aug 2024 — This allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code •