CVE-2024-46815 – drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
https://notcve.org/view.php?id=CVE-2024-46815
27 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267 •
CVE-2024-46814 – drm/amd/display: Check msg_id before processing transcation
https://notcve.org/view.php?id=CVE-2024-46814
27 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4 •
CVE-2024-46810 – drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
https://notcve.org/view.php?id=CVE-2024-46810
27 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8 •
CVE-2024-46807 – drm/amd/amdgpu: Check tbo resource pointer
https://notcve.org/view.php?id=CVE-2024-46807
27 Sep 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a •
CVE-2024-46805 – drm/amdgpu: fix the waring dereferencing hive
https://notcve.org/view.php?id=CVE-2024-46805
27 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356 •
CVE-2024-46804 – drm/amd/display: Add array index check for hdcp ddc access
https://notcve.org/view.php?id=CVE-2024-46804
27 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2 •
CVE-2024-46441
https://notcve.org/view.php?id=CVE-2024-46441
27 Sep 2024 — An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). • https://github.com/kacins/YPay/issues/4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-33369
https://notcve.org/view.php?id=CVE-2024-33369
27 Sep 2024 — A directory traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask. • https://gist.github.com/apple502j/54e0f80bfe082fd934e33970394adbb8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-46366
https://notcve.org/view.php?id=CVE-2024-46366
27 Sep 2024 — A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. • https://gist.github.com/Tommywarren/89cef7f876ee897a4ff40a8b71b6208e • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-46256
https://notcve.org/view.php?id=CVE-2024-46256
27 Sep 2024 — A command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution (RCE) via Add Let's Encrypt Certificate. • https://github.com/barttran2k/POC_CVE-2024-46256 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •