CVE-2024-33623
https://notcve.org/view.php?id=CVE-2024-33623
A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of XkbSetCompatMap requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2024-9632 https://bugzilla.redhat.com/show_bug.cgi?id=2317233 https://access.redhat.com/errata/RHSA-2024:8798 https://access.redhat.com/errata/RHSA-2024:9579 https://access.redhat.com/errata/RHSA-2024:9601 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-10505 – wuzhicms block.php edit code injection
https://notcve.org/view.php?id=CVE-2024-10505
Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. ... Initially, the researcher created two separate issues for the different function calls. • https://github.com/wuzhicms/wuzhicms/issues/209 https://vuldb.com/?ctiid.282444 https://vuldb.com/?id.282444 https://vuldb.com/?submit.427401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-48241
https://notcve.org/view.php?id=CVE-2024-48241
An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. • https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md https://github.com/radareorg/radare2/issues/23317 https://github.com/radareorg/radare2/pull/23318 • CWE-787: Out-of-bounds Write •
CVE-2024-49769 – Waitress has a denial of service leading to high CPU usage/resource exhaustion
https://notcve.org/view.php?id=CVE-2024-49769
When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. ... A remote attacker could run waitress out of available sockets with very few resources required. • https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c https://github.com/Pylons/waitress/issues/418 https://github.com/Pylons/waitress/pull/435 https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6 • CWE-772: Missing Release of Resource after Effective Lifetime •