CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23729
https://notcve.org/view.php?id=CVE-2024-23729
19 Aug 2024 — The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. • https://github.com/actuator/com.heytap.browser • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42815
https://notcve.org/view.php?id=CVE-2024-42815
19 Aug 2024 — Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. • https://securityonline.info/cve-2024-42815-cvss-9-8-buffer-overflow-flaw-in-tp-link-routers-opens-door-to-rce • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7910 – CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7910
18 Aug 2024 — A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/RCE%20via%20File%20Upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43860 – remoteproc: imx_rproc: Skip over memory region when node value is NULL
https://notcve.org/view.php?id=CVE-2024-43860
17 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a0ff4aa6f010801b2a61c203c6e09d01b110fddf •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43858 – jfs: Fix array-index-out-of-bounds in diFree
https://notcve.org/view.php?id=CVE-2024-43858
17 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43854 – block: initialize integrity buffer to zero before writing it to media
https://notcve.org/view.php?id=CVE-2024-43854
17 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/7ba1ba12eeef0aa7113beb16410ef8b7c748e18b • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43853 – cgroup/cpuset: Prevent UAF in proc_cpuset_show()
https://notcve.org/view.php?id=CVE-2024-43853
17 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a79a908fd2b080977b45bf103184b81c9d11ad07 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43849 – soc: qcom: pdr: protect locator_addr with the main mutex
https://notcve.org/view.php?id=CVE-2024-43849
17 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/fbe639b44a82755d639df1c5d147c93f02ac5a0f •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43846 – lib: objagg: Fix general protection fault
https://notcve.org/view.php?id=CVE-2024-43846
17 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/9069a3817d82b01b3a55da382c774e3575946130 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43841 – wifi: virt_wifi: avoid reporting connection success with wrong SSID
https://notcve.org/view.php?id=CVE-2024-43841
17 Aug 2024 — The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from ... • https://git.kernel.org/stable/c/c7cdba31ed8b87526db978976392802d3f93110c •