
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 May 2024 — gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0... • https://github.com/Byron/gitoxide/security/advisories/GHSA-7w47-3wg8-547c • CWE-23: Relative Path Traversal •

CVSS: 8.4 • EPSS: 0% • CPEs: - • EXPL: 0

22 May 2024 — An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33228 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

22 May 2024 — An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33225 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — (Chrome security severity: high) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — (Chrome security severity: high) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html • CWE-122: Heap-based Buffer Overflow; CWE-125: Out-of-bounds Read •

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — (Chrome security severity: high) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — (Chrome security severity: high) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode format to a normal inode format. The code in ocfs2_convert_inline_data_to_extents() attempts to zero out the whole cluster allocated for file data by grabbing, zeroing, and dirtying all pages covering this cluster. However these pages ... • https://git.kernel.org/stable/c/acef5107e2eacb08a16ad5db60320d65bd26a6c0

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. • https://developer.a-blogcms.jp/blog/news/JVN-70977403.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges. ... • https://oxygenbuilder.com/oxygen-4-8-3-now-available-security-update • CWE-94: Improper Control of Generation of Code ('Code Injection') •