CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36960 – drm/vmwgfx: Fix invalid reads in fence signaled events
https://notcve.org/view.php?id=CVE-2024-36960
An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of vmw fence events. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/8b7de6aa84682a3396544fd88cd457f95484573a https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9 https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36 https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0 https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22 https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb7242834 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35658 – WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-35658
This makes it possible for unauthenticated attackers to delete arbitrary files which can be leveraged to achieve remote code execution. • https://patchstack.com/database/vulnerability/woocommerce-checkout-field-editor-pro/wordpress-checkout-field-editor-for-woocommerce-pro-plugin-3-6-2-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35650 – WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-35650
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0. ... The MelaPress Login Security plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.3.0 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files hosted on remote servers, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. • https://patchstack.com/database/vulnerability/melapress-login-security/wordpress-melapress-login-security-plugin-1-3-0-remote-file-inclusion-vulnerability? • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27776 – MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://notcve.org/view.php?id=CVE-2024-27776
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE MileSight DeviceHub: CWE-22 La limitación incorrecta de un nombre de ruta a un directorio restringido ("Path Traversal") puede permitir RCE no autenticado • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22058
https://notcve.org/view.php?id=CVE-2024-22058
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. • https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM •