CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2024-36729
https://notcve.org/view.php?id=CVE-2024-36729
The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key. • https://github.com/HouseFuzz/reports/blob/main/trendnet/TEW827/wizard_ipv6/wizard_ipv6.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: %CPEs: -EXPL: 0CVE-2024-36728
https://notcve.org/view.php?id=CVE-2024-36728
The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key. • https://github.com/HouseFuzz/reports/blob/main/trendnet/TEW827/vlan_setting/vlan_setting.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: %CPEs: -EXPL: 0CVE-2024-36569
https://notcve.org/view.php?id=CVE-2024-36569
Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. • https://github.com/debug601/bug_report/blob/main/vendors/mayuri_k/gas-agency-management-system/RCE-1.md • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36960 – drm/vmwgfx: Fix invalid reads in fence signaled events
https://notcve.org/view.php?id=CVE-2024-36960
An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of vmw fence events. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/8b7de6aa84682a3396544fd88cd457f95484573a https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9 https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36 https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0 https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22 https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb7242834 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35658 – WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-35658
This makes it possible for unauthenticated attackers to delete arbitrary files which can be leveraged to achieve remote code execution. • https://patchstack.com/database/vulnerability/woocommerce-checkout-field-editor-pro/wordpress-checkout-field-editor-for-woocommerce-pro-plugin-3-6-2-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •