Security Vulnerabilities - CVEs Published In September 2024
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-13
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-13
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-09-13
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
CVSS Score
7.6
EPSS Score
0.001
Published
2024-09-13
BT: Unchecked user input in bap_broadcast_assistant
CVSS Score
6.3
EPSS Score
0.001
Published
2024-09-13
BT:Classic: Multiple missing buf length checks
CVSS Score
7.6
EPSS Score
0.001
Published
2024-09-13
BT: Classic: SDP OOB access in get_att_search_list
CVSS Score
7.6
EPSS Score
0.001
Published
2024-09-13
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface
CVSS Score
9.8
EPSS Score
0.004
Published
2024-09-13
A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue.
CVSS Score
3.5
EPSS Score
0.0
Published
2024-09-13
A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.1 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-09-13