CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. • https://access.redhat.com/security/cve/CVE-2024-9632 https://bugzilla.redhat.com/show_bug.cgi?id=2317233 https://access.redhat.com/errata/RHSA-2024:8798 https://access.redhat.com/errata/RHSA-2024:9579 https://access.redhat.com/errata/RHSA-2024:9601 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 1CVE-2024-10505 – wuzhicms block.php edit code injection
https://notcve.org/view.php?id=CVE-2024-10505
Inicialmente, el investigador creó dos problemas separados para las diferentes llamadas de función. • https://github.com/wuzhicms/wuzhicms/issues/209 https://vuldb.com/?ctiid.282444 https://vuldb.com/?id.282444 https://vuldb.com/?submit.427401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-48241
https://notcve.org/view.php?id=CVE-2024-48241
An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. • https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md https://github.com/radareorg/radare2/issues/23317 https://github.com/radareorg/radare2/pull/23318 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49769 – Waitress has a denial of service leading to high CPU usage/resource exhaustion
https://notcve.org/view.php?id=CVE-2024-49769
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition. • https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c https://github.com/Pylons/waitress/issues/418 https://github.com/Pylons/waitress/pull/435 https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-8309 – SQL Injection in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-8309
This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. • https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255 https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •