
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1998 • CWE-20: Improper Input Validation •

CVSS: 3.7 • EPSS: 0% • CPEs: - • EXPL: 0

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of XkbSetCompatMap requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2024-9632 https://bugzilla.redhat.com/show_bug.cgi?id=2317233 https://access.redhat.com/errata/RHSA-2024:10090 https://access.redhat.com/errata/RHSA-2024:8798 https://access.redhat.com/errata/RHSA-2024:9540 https://access.redhat.com/errata/RHSA-2024:9579 https://access.redhat.com/errata/RHSA-2024:9601 https://access.redhat.com/errata/RHSA-2024:9690 https://access.redhat.com/errata/RHSA-2024:9816 https://access.redhat.com/e • CWE-122: Heap-based Buffer Overflow •

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 1

Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. ... Initially, the researcher created two separate issues for the different function calls. • https://github.com/wuzhicms/wuzhicms/issues/209 https://vuldb.com/?ctiid.282444 https://vuldb.com/?id.282444 https://vuldb.com/?submit.427401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. • https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md https://github.com/radareorg/radare2/issues/23317 https://github.com/radareorg/radare2/pull/23318 • CWE-787: Out-of-bounds Write •