CVE-2024-39507 – net: hns3: fix kernel crash problem in concurrent scenario
https://notcve.org/view.php?id=CVE-2024-39507
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab •
CVE-2024-39506 – liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
https://notcve.org/view.php?id=CVE-2024-39506
12 Jul 2024 — ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...) In this path there is no code which sets pg_info->page to NULL. So this check looks unneeded and doesn't solve a potential problem. But I guess the author had a reason to add a check and I have no such card and can't do a real test. In addition, the code in the function liquidio_push_packet() in liquidio/lio_core.c does exactly the same. ... • https://git.kernel.org/stable/c/1f233f327913f3dee0602cba9c64df1903772b55 • CWE-476: NULL Pointer Dereference •
CVE-2024-39504 – netfilter: nft_inner: validate mandatory meta and payload
https://notcve.org/view.php?id=CVE-2024-39504
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/3a07327d10a09379315c844c63f27941f5081e0a • CWE-476: NULL Pointer Dereference •
CVE-2024-39498 – drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2
https://notcve.org/view.php?id=CVE-2024-39498
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/5aa1dfcdf0a429e4941e2eef75b006a8c7a8ac49 • CWE-476: NULL Pointer Dereference •
CVE-2024-39497 – drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
https://notcve.org/view.php?id=CVE-2024-39497
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/2194a63a818db71065ebe09c8104f5f021ca4e7b • CWE-825: Expired Pointer Dereference •
CVE-2024-39496 – btrfs: zoned: fix use-after-free due to race with dev replace
https://notcve.org/view.php?id=CVE-2024-39496
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/17765964703b88d8befd899f8501150bb7e07e43 • CWE-416: Use After Free •
CVE-2024-39495 – greybus: Fix use-after-free bug in gb_interface_release due to race condition.
https://notcve.org/view.php?id=CVE-2024-39495
12 Jul 2024 — Here is the relevant code. if (!... A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/74cd0a421896b2e07eafe7da4275302bfecef201 • CWE-416: Use After Free •
CVE-2024-39494 – ima: Fix use-after-free on a dentry's dname.name
https://notcve.org/view.php?id=CVE-2024-39494
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0b31e28fbd773aefb6164687e0767319b8199829 • CWE-416: Use After Free •
CVE-2024-36522 – Apache Wicket: Remote code execution via XSLT injection
https://notcve.org/view.php?id=CVE-2024-36522
12 Jul 2024 — The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue. • http://www.openwall.com/lists/oss-security/2024/07/12/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-6396 – Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-6396
12 Jul 2024 — A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. ... This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. • https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0 • CWE-29: Path Traversal: '\..\filename' •