CVE-2024-44623
https://notcve.org/view.php?id=CVE-2024-44623
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. • https://github.com/merbinr/CVE-2024-44623 https://github.com/TuomoKu/SPX-GC https://github.com/TuomoKu/SPX-GC/blob/v.1.3.0/routes/routes-api.js#L39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-45105
https://notcve.org/view.php?id=CVE-2024-45105
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-825: Expired Pointer Dereference •
CVE-2024-4550
https://notcve.org/view.php?id=CVE-2024-4550
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-3100
https://notcve.org/view.php?id=CVE-2024-3100
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-7129 – Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE
https://notcve.org/view.php?id=CVE-2024-7129
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins • https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4 •