CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-10586 – Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10586
08 Nov 2024 — This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. ... This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. • https://github.com/RandomRobbieBF/CVE-2024-10586 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50191 – ext4: don't set SB_RDONLY after filesystem errors
https://notcve.org/view.php?id=CVE-2024-50191
08 Nov 2024 — Recently, syzbot has found a way (see link) to trigger warnings in filesystem freezing because the code got confused by SB_RDONLY changing under its hands. Recently, syzbot has found a way (see link) to trigger warnings in filesystem freezing because the code got confused by SB_RDONLY changing under its hands. ... Recently, syzbot has found a way (see link) to trigger warnings in filesystem freezing because the code got confused by SB_RDONLY changing under its hands. ... A physically pr... • https://git.kernel.org/stable/c/fbb177bc1d6487cd3e9b50ae0be2781b7297980d •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50189 – HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
https://notcve.org/view.php?id=CVE-2024-50189
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/4b2c53d93a4bc9d52cc0ec354629cfc9dc217f93 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50188 – net: phy: dp83869: fix memory corruption when enabling fiber
https://notcve.org/view.php?id=CVE-2024-50188
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/a29de52ba2a156873505d8b8cef44e69925b8114 •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50186 – net: explicitly clear the sk pointer, when pf->create fails
https://notcve.org/view.php?id=CVE-2024-50186
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50184 – virtio_pmem: Check device status before requesting flush
https://notcve.org/view.php?id=CVE-2024-50184
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/6e84200c0a2994b991259d19450eee561029bf70 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50181 – clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
https://notcve.org/view.php?id=CVE-2024-50181
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D For i.MX7D DRAM related mux clock, the clock source change should ONLY be done done in low level asm code without accessing DRAM, and then calling clk API to sync the HW clock status with clk tree, it should never touch real clock source switch via clk API, so CLK_SET_PARENT_GATE flag should NOT be added, otherwise, DRAM's clock parent will be disabled when DRAM is active, ... • https://git.kernel.org/stable/c/b677b94a9193ec7b6607bd1255172ae59174a382 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50180 – fbdev: sisfb: Fix strbuf array overflow
https://notcve.org/view.php?id=CVE-2024-50180
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50179 – ceph: remove the incorrect Fw reference check when dirtying pages
https://notcve.org/view.php?id=CVE-2024-50179
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/5dda377cf0a6bd43f64a3c1efb670d7c668e7b29 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51788 – WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51788
08 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •