CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39479 – drm/i915/hwmon: Get rid of devm
https://notcve.org/view.php?id=CVE-2024-39479
05 Jul 2024 — These code paths (for device unbind) are as follows (see also the bug referenced below): Call Trace: release_nodes+0x11/0x70 devres_release_group+0xb2/0x110 component_unbind_all+0x8d/0xa0 component_del+0xa5/0x140 intel_pxp_tee_component_fini+0x29/0x40 [i915] intel_pxp_fini+0x33/0x80 [i915] i915_driver_remove+0x4c/0x120 [i915] i915_pci_remove+0x19/0x30 [i915] pci_device_remove+0x32/0xa0 device_release_driver_internal+0x19c/0x200 unbind_store+0x9c/0xb0 and Call Trace: release_nodes+0x11/0x70 devres_rel... • https://git.kernel.org/stable/c/cfa73607eb21a4ce1d6294a2c5733628897b48a2 • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39478 – crypto: starfive - Do not free stack buffer
https://notcve.org/view.php?id=CVE-2024-39478
05 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/445a4aaf5842073e4130b1d6dbe3785284d9615f • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39474 – mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
https://notcve.org/view.php?id=CVE-2024-39474
05 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/9376130c390a76fac2788a5d6e1a149017b4ab50 • CWE-476: NULL Pointer Dereference CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39473 – ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
https://notcve.org/view.php?id=CVE-2024-39473
05 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/648fea12847695d60ddeebea86597114885ee76e • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39472 – xfs: fix log recovery buffer allocation for the legacy h_size fixup
https://notcve.org/view.php?id=CVE-2024-39472
05 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0c771b99d6c9a0552fea5cc43669b726dad8f659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27709
https://notcve.org/view.php?id=CVE-2024-27709
05 Jul 2024 — SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27709-sql-injection-in-eskooly-web-product-v.3.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27716
https://notcve.org/view.php?id=CVE-2024-27716
05 Jul 2024 — Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27716-cross-site-scripting-xss-in-eskooly-web-product-less-than-v3.0 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39028
https://notcve.org/view.php?id=CVE-2024-39028
05 Jul 2024 — An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. • https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37520 – WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37520
05 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37513 – WordPress WPCafe plugin <= 2.2.27 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37513
05 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wp-cafe/wordpress-wpcafe-plugin-2-2-27-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •