{"vulnerability": "CVE-2024-5020", "sightings": [{"uuid": "c3a286f9-d78e-49a9-a660-59b5cc818854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50207", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113445954103590573", "content": "", "creation_timestamp": "2024-11-08T06:38:04.075659Z"}, {"uuid": "2193a994-0bbe-4ea1-9248-4e618d40b752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50208", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113446009202206435", "content": "", "creation_timestamp": "2024-11-08T06:52:04.773681Z"}, {"uuid": "f7635c7b-c87d-4e18-9b35-42dde4c096bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50206", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113446060195952895", "content": "", "creation_timestamp": "2024-11-08T07:05:03.175195Z"}, {"uuid": "13157c42-991e-4a90-accd-4cdf0d318a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5020", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113593694914451957", "content": "", "creation_timestamp": "2024-12-04T08:50:31.112706Z"}, {"uuid": "c39c1772-8748-4a84-a0bd-d0ca70e20e2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50202", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lz7n37lmvk2q", "content": "", "creation_timestamp": "2025-09-19T19:48:56.813894Z"}, {"uuid": "f1bac14c-0e20-42b6-8c38-a9d2baad8b40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50201", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "25f90def-d37e-4ed1-8b3a-ae614bacd510", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50202", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "edb20d05-4606-4655-b2e1-f0c9c9070686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50209", "type": "seen", "source": "https://t.me/cvedetector/10165", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50209 - Netronome RDMA Allocation Check Failure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50209 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRDMA/bnxt_re: Add a check for memory allocation  \n  \n__alloc_pbl() can return error when memory allocation fails.  \nDriver is not checking the status on one of the instances. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:36.000000Z"}, {"uuid": "b6890270-095e-40b0-8291-80500696aa7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5020", "type": "seen", "source": "https://t.me/cvedetector/11966", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5020 - Multiple plugins for WordPress are vulnerable to S\", \n  \"Content\": \"CVE ID : CVE-2024-5020 \nPublished : Dec. 4, 2024, 9:15 a.m. | 37\u00a0minutes ago \nDescription : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T10:54:00.000000Z"}, {"uuid": "e980874e-2475-4b10-906a-cef253227659", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50203", "type": "seen", "source": "https://t.me/cvedetector/10180", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50203 - Linux Kernel bpf Arm64 Heap Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-50203 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf, arm64: Fix address emission with tag-based KASAN enabled  \n  \nWhen BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image  \nstruct on the stack is passed during the size calculation pass and  \nan address on the heap is passed during code generation. This may  \ncause a heap buffer overflow if the heap address is tagged because  \nemit_a64_mov_i64() will emit longer code than it did during the size  \ncalculation pass. The same problem could occur without tag-based  \nKASAN if one of the 16-bit words of the stack address happened to  \nbe all-ones during the size calculation pass. Fix the problem by  \nassuming the worst case (4 instructions) when calculating the size  \nof the bpf_tramp_image address emission. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:56.000000Z"}, {"uuid": "571cfaf2-2b55-4b16-8296-4cf60491ece8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50204", "type": "seen", "source": "https://t.me/cvedetector/10178", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50204 - Linux Kernel RB Tree Node Remove Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50204 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nfs: don't try and remove empty rbtree node  \n  \nWhen copying a namespace we won't have added the new copy into the  \nnamespace rbtree until after the copy succeeded. Calling free_mnt_ns()  \nwill try to remove the copy from the rbtree which is invalid. Simply  \nfree the namespace skeleton directly. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:55.000000Z"}, {"uuid": "3a22b29c-b48c-4c54-90a5-9847cdde224c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50208", "type": "seen", "source": "https://t.me/cvedetector/10164", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50208 - \"Intel RDMA - PBL Buffer Overflow Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-50208 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages  \n  \nAvoid memory corruption while setting up Level-2 PBL pages for the non MR  \nresources when num_pages > 256K.  \n  \nThere will be a single PDE page address (contiguous pages in the case of >  \nPAGE_SIZE), but, current logic assumes multiple pages, leading to invalid  \nmemory access after 256K PBL entries in the PDE. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:35.000000Z"}, {"uuid": "0fce540a-7ea1-4262-a521-7570f77bdc72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50207", "type": "seen", "source": "https://t.me/cvedetector/10162", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50207 - Linux Ring Buffer Subbuffer Order Set Reader Lock Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-50207 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nring-buffer: Fix reader locking when changing the sub buffer order  \n  \nThe function ring_buffer_subbuf_order_set() updates each  \nring_buffer_per_cpu and installs new sub buffers that match the requested  \npage order. This operation may be invoked concurrently with readers that  \nrely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or  \nthe ring_buffer_per_cpu.pages and reader_page pointers. However, no  \nexclusive access is acquired by ring_buffer_subbuf_order_set(). Modifying  \nthe mentioned data while a reader also operates on them can then result in  \nincorrect memory access and various crashes.  \n  \nFix the problem by taking the reader_lock when updating a specific  \nring_buffer_per_cpu in ring_buffer_subbuf_order_set(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:34.000000Z"}, {"uuid": "a6d0b586-fe1e-4aa0-b859-b6421b441d21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50206", "type": "seen", "source": "https://t.me/cvedetector/10175", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50206 - \"MTK eth soc DMA Memory Corruption Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-50206 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: ethernet: mtk_eth_soc: fix memory corruption during fq dma init  \n  \nThe loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers must  \nonly touch as many descriptors, otherwise it ends up corrupting unrelated  \nmemory. Fix the loop iteration count accordingly. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:50.000000Z"}, {"uuid": "246fb3a6-ac19-423b-a929-f7c4e6e4c77b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50201", "type": "seen", "source": "https://t.me/cvedetector/10170", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50201 - Radeon DRM Possible Clones Validation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50201 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/radeon: Fix encoder->possible_clones  \n  \nInclude the encoder itself in its possible_clones bitmask.  \nIn the past nothing validated that drivers were populating  \npossible_clones correctly, but that changed in commit  \n74d2aacbe840 (\"drm: Validate encoder->possible_clones\").  \nLooks like radeon never got the memo and is still not  \nfollowing the rules 100% correctly.  \n  \nThis results in some warnings during driver initialization:  \nBogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7)  \nWARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c  \n...  \n  \n(cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:43.000000Z"}]}