CVE-2024-52393 – WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52393
11 Nov 2024 — The Podlove Podcast Publisher plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.1.15. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-46951 – Ubuntu Security Notice USN-7138-1
https://notcve.org/view.php?id=CVE-2024-46951
10 Nov 2024 — An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. ... An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVE-2024-52004 – Remote code execution vulnerabilities in MediaCMS
https://notcve.org/view.php?id=CVE-2024-52004
08 Nov 2024 — MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. • https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-10547 – WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10547
08 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wp-membership/10066554 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-10470 – WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion
https://notcve.org/view.php?id=CVE-2024-10470
08 Nov 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://github.com/RandomRobbieBF/CVE-2024-10470 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-10586 – Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10586
08 Nov 2024 — This makes it possible for unauthenticated attackers to create arbitrary files such as .php files that can be leveraged for remote code execution. • https://github.com/RandomRobbieBF/CVE-2024-10586 • CWE-862: Missing Authorization •
CVE-2024-50191 – ext4: don't set SB_RDONLY after filesystem errors
https://notcve.org/view.php?id=CVE-2024-50191
08 Nov 2024 — Recently, syzbot has found a way (see link) to trigger warnings in filesystem freezing because the code got confused by SB_RDONLY changing under its hands. ... A physically pr... • https://git.kernel.org/stable/c/fbb177bc1d6487cd3e9b50ae0be2781b7297980d •
CVE-2024-50189 – HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
https://notcve.org/view.php?id=CVE-2024-50189
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/4b2c53d93a4bc9d52cc0ec354629cfc9dc217f93 •
CVE-2024-50188 – net: phy: dp83869: fix memory corruption when enabling fiber
https://notcve.org/view.php?id=CVE-2024-50188
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/a29de52ba2a156873505d8b8cef44e69925b8114 •
CVE-2024-50186 – net: explicitly clear the sk pointer, when pf->create fails
https://notcve.org/view.php?id=CVE-2024-50186
08 Nov 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069 •