CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2023-49614
https://notcve.org/view.php?id=CVE-2023-49614
Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html • CWE-787: Out-of-bounds Write •
CVSS: 2.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-45733 – intel-microcode: Race conditions in some Intel(R) Processors
https://notcve.org/view.php?id=CVE-2023-45733
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. ... The hardware logic contains race conditions in some Intel(R) processors that may allow an authenticated user to enable partial information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html https://access.redhat.com/security/cve/CVE-2023-45733 https://bugzilla.redhat.com/show_bug.cgi?id=2292296 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1298: Hardware Logic Contains Race Conditions •
CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-21792
https://notcve.org/view.php?id=CVE-2024-21792
Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
This lack of restriction permits arbitrary format strings with multiple specifiers, potentially leading to data leakage from the stack and memory corruption. • https://github.com/swsmith2391/CVE-2024-29510 https://bugs.ghostscript.com/show_bug.cgi?id=707662 https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation https://www.openwall.com/lists/oss-security/2024/07/03/7 https://access.redhat.com/security/cve/CVE-2024-29510 https://bugzilla.redhat.com/show_bug.cgi?id=2293950 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-4322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4322
Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure. • https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 • CWE-29: Path Traversal: '\..\filename' •