CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41799 – tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
https://notcve.org/view.php?id=CVE-2024-41799
29 Jul 2024 — A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. ... This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. • https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41077 – null_blk: fix validation of block size
https://notcve.org/view.php?id=CVE-2024-41077
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41073 – nvme: avoid double free special payload
https://notcve.org/view.php?id=CVE-2024-41073
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057 • CWE-415: Double Free •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41072 – wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
https://notcve.org/view.php?id=CVE-2024-41072
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41071 – wifi: mac80211: Avoid address calculations via out of bounds array indexing
https://notcve.org/view.php?id=CVE-2024-41071
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a2bb0c5d0086be5ab5054465dfaa381a1144905c • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41070 – KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
https://notcve.org/view.php?id=CVE-2024-41070
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/be847bb20c809de8ac124431b556f244400b0491 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41068 – s390/sclp: Fix sclp_init() cleanup on failure
https://notcve.org/view.php?id=CVE-2024-41068
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83 •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41065 – powerpc/pseries: Whitelist dtl slub object for copying to userspace
https://notcve.org/view.php?id=CVE-2024-41065
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41064 – powerpc/eeh: avoid possible crash when edev->pdev changes
https://notcve.org/view.php?id=CVE-2024-41064
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3 • CWE-413: Improper Resource Locking •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41063 – Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
https://notcve.org/view.php?id=CVE-2024-41063
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9 • CWE-833: Deadlock •