5.3
CVE-2024-39281 - Unbounded allocation in ctl(4) CAM Target Layer
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
6.8
CVE-2024-2315 - SMM arbitrary code execution in Overclock
APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.
4.4
CVE-2024-33658 - Buffer Overflow Vulnerability In OFBD
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity.
5.2
CVE-2024-33660 - Potential Firmware update without integrity check
An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
7.2
CVE-2024-42442 - Runtime Service Access outside SMRAM
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
5.1
CVE-2024-11130 - ZZCMS msg.php cross site scripting
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosβ¦
5.3
CVE-2024-11127 - code-projects Job Recruitment admin.php sql injection
A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit β¦
6.5
CVE-2024-51566 - bhyve(8) NVMe driver to guest-induced infinite loops.
The NVMe driver queue processing is vulernable to guest-induced infinite loops.
6.5
CVE-2024-51565 - bhyve(8) hda driver buffer over-read
The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
7
CVE-2024-37365 - FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalateβ¦