CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6312 – Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-6312
27 Aug 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. ... This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/3e815531-f966-44a1-a037-8077a40c83b0?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36068
https://notcve.org/view.php?id=CVE-2024-36068
27 Aug 2024 — An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. • https://www.rubrik.com/advisories/rbk-20240619-v0044 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44342
https://notcve.org/view.php?id=CVE-2024-44342
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6311 – Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6311
27 Aug 2024 — This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd42fc4-ab4a-4053-b765-18272eacd2bc?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44341
https://notcve.org/view.php?id=CVE-2024-44341
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44942 – f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
https://notcve.org/view.php?id=CVE-2024-44942
26 Aug 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44940 – fou: remove warn in gue_gro_receive on unsupported protocol
https://notcve.org/view.php?id=CVE-2024-44940
26 Aug 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/b1453a5616c7bd8acd90633ceba4e59105ba3b51 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44935 – sctp: Fix null-ptr-deref in reuseport_add_sock().
https://notcve.org/view.php?id=CVE-2024-44935
26 Aug 2024 — [0]: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 RIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350 Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4... • https://git.kernel.org/stable/c/6ba84574026792ce33a40c7da721dea36d0f3973 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44934 – net: bridge: mcast: wait for previous gc cycles when removing port
https://notcve.org/view.php?id=CVE-2024-44934
26 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/e12cec65b5546f19217e26aafb8add6e2fadca18 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44931 – gpio: prevent potential speculation leaks in gpio_device_get_desc()
https://notcve.org/view.php?id=CVE-2024-44931
26 Aug 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/18504710442671b02d00e6db9804a0ad26c5a479 •