
CVSS: - • EPSS: 0% • CPEs: 1 • EXPL: 0

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. • https://support.google.com/product-documentation/answer/14771247?hl=en&ref_topic=12974021&sjid=9111851316942032590-NA#zippy= •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS. This issue affects Fonts: from n/a through 3.7.7. The Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.7. This is due to missing or incorrect nonce validation on the manage_kits() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/olympus-google-fonts/wordpress-fonts-plugin-3-7-7-cross-site-request-forgery-csrf-to-stored-xssvulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fonts: from n/a through 3.7.7. The Fonts plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_kits() and manage_kits() functions in versions up to, and including, 3.7.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to access and update font kits. • https://patchstack.com/database/vulnerability/olympus-google-fonts/wordpress-fonts-plugin-3-7-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/native/+/3f85323b27d95a57bfa87cbf68dd4a143f9f88ad https://source.android.com/security/bulletin/2024-08-01 • CWE-269: Improper Privilege Management •

CVSS: - • EPSS: 0% • CPEs: 1 • EXPL: 0

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/688e5c3012eb0a4ea88361588cf5026c10e4a42c https://source.android.com/security/bulletin/2024-08-01 •