CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41093 – drm/amdgpu: avoid using null object of framebuffer
https://notcve.org/view.php?id=CVE-2024-41093
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by c... • https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41092 – drm/i915/gt: Fix potential UAF by revoke of fence registers
https://notcve.org/view.php?id=CVE-2024-41092
29 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41810 – HTML injection in HTTP redirect body
https://notcve.org/view.php?id=CVE-2024-41810
29 Jul 2024 — If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. ... If exploited, a remote attacker could inject malicious HTML, causing unauthorized JavaScript execution within the victim's browser session. ... A remote attacker could possibly use this issue to delay and manipulate responses. ... An attacker could use this vulnerability to possibly execute an HTML injecti... • https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41081 – ila: block BH in ila_output()
https://notcve.org/view.php?id=CVE-2024-41081
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41078 – btrfs: qgroup: fix quota root leak after quota disable failure
https://notcve.org/view.php?id=CVE-2024-41078
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757 •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41799 – tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
https://notcve.org/view.php?id=CVE-2024-41799
29 Jul 2024 — A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment ... • https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41077 – null_blk: fix validation of block size
https://notcve.org/view.php?id=CVE-2024-41077
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41073 – nvme: avoid double free special payload
https://notcve.org/view.php?id=CVE-2024-41073
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057 • CWE-415: Double Free •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41072 – wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
https://notcve.org/view.php?id=CVE-2024-41072
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41070 – KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
https://notcve.org/view.php?id=CVE-2024-41070
29 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/be847bb20c809de8ac124431b556f244400b0491 •