7.5
CVE-2024-45289 - Unbounded allocation in ctl(4) CAM Target Layer
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting β¦
5.3
CVE-2024-39281 - Unbounded allocation in ctl(4) CAM Target Layer
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
6.8
CVE-2024-2315 - SMM arbitrary code execution in Overclock
APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.
4.4
CVE-2024-33658 - Buffer Overflow Vulnerability In OFBD
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity.
5.2
CVE-2024-33660 - Potential Firmware update without integrity check
An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
7.2
CVE-2024-42442 - Runtime Service Access outside SMRAM
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
5.1
CVE-2024-11130 - ZZCMS msg.php cross site scripting
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosβ¦
5.3
CVE-2024-11127 - code-projects Job Recruitment admin.php sql injection
A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit β¦
6.5
CVE-2024-51566 - bhyve(8) NVMe driver to guest-induced infinite loops.
The NVMe driver queue processing is vulernable to guest-induced infinite loops.
6.5
CVE-2024-51565 - bhyve(8) hda driver buffer over-read
The hda driver is vulnerable to a buffer over-read from a guest-controlled value.