CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46805 – drm/amdgpu: fix the waring dereferencing hive
https://notcve.org/view.php?id=CVE-2024-46805
27 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46804 – drm/amd/display: Add array index check for hdcp ddc access
https://notcve.org/view.php?id=CVE-2024-46804
27 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33369
https://notcve.org/view.php?id=CVE-2024-33369
27 Sep 2024 — Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask • https://gist.github.com/apple502j/54e0f80bfe082fd934e33970394adbb8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46441
https://notcve.org/view.php?id=CVE-2024-46441
27 Sep 2024 — An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). • https://github.com/kacins/YPay/issues/4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-46256
https://notcve.org/view.php?id=CVE-2024-46256
27 Sep 2024 — A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. • https://github.com/barttran2k/POC_CVE-2024-46256 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33368
https://notcve.org/view.php?id=CVE-2024-33368
27 Sep 2024 — An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen • https://gist.github.com/apple502j/54e0f80bfe082fd934e33970394adbb8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46257
https://notcve.org/view.php?id=CVE-2024-46257
27 Sep 2024 — A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. • https://github.com/NginxProxyManager/nginx-proxy-manager/blob/v2.11.3/backend/internal/certificate.js#L870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-47175 – libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
https://notcve.org/view.php?id=CVE-2024-47175
26 Sep 2024 — When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. ... This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentiall... • https://packetstorm.news/files/id/182767 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 2CVE-2024-47076 – libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
https://notcve.org/view.php?id=CVE-2024-47076
26 Sep 2024 — CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. ... In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. ... In combination with issues in other printing components, a remote attacker... • https://packetstorm.news/files/id/182767 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 15CVE-2024-47176 – cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
https://notcve.org/view.php?id=CVE-2024-47176
26 Sep 2024 — Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled. ... In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. ... A remote attacker could possibly use this issue... • https://packetstorm.news/files/id/181978 • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function CWE-940: Improper Verification of Source of a Communication Channel CWE-1327: Binding to an Unrestricted IP Address •