CVSS: 6.0EPSS: 0%CPEs: 267EXPL: 0CVE-2024-20359 – Cisco ASA and FTD Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3734 – FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-3734
The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide. El complemento FOX – Currency Switcher Professional para WooCommerce es vulnerable a la ejecución de códigos cortos arbitrarios no autenticados en versiones hasta la 1.4.1.8 incluida. Esto permite a atacantes no autenticados ejecutar códigos cortos arbitrarios. • https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/woocs.php#L4154 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072307%40woocommerce-currency-switcher%2Ftrunk&old=3049249%40woocommerce-currency-switcher%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/4c1d49d0-c9aa-401c-80b9-d4df7fe97691?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21979
https://notcve.org/view.php?id=CVE-2024-21979
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6012.html • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21972
https://notcve.org/view.php?id=CVE-2024-21972
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6012.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28130
https://notcve.org/view.php?id=CVE-2024-28130
A specially crafted malformed file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957 • CWE-704: Incorrect Type Conversion or Cast •