CVE-2024-4204 | The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions.. This makes it possible for unauthenticated attackers to create and duplicate posts, retrieve post content, and modify post taxonomy among other things via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | medium |
CVE-2024-3609 | The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments. | medium |
CVE-2024-2619 | The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary HTML in pages that will be shown whenever a user accesses an injected page. | medium |
CVE-2024-24981 | Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | high |
CVE-2024-23980 | Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | high |
CVE-2024-23487 | Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | high |
CVE-2024-22476 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. | critical |
CVE-2024-22390 | Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service. | medium |
CVE-2024-22384 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. | low |
CVE-2024-22382 | Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | high |
CVE-2024-22379 | Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-22095 | Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | high |
CVE-2024-22015 | Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access. | medium |
CVE-2024-21864 | Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access. | high |
CVE-2024-21862 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21861 | Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21843 | Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21841 | Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21837 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21835 | Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21831 | Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21828 | Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21823 | Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. | medium |
CVE-2024-21818 | Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21814 | Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21813 | Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | high |
CVE-2024-21809 | Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21792 | Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. | medium |
CVE-2024-21788 | Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21777 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21774 | Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2024-21772 | Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2023-49614 | Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure. | medium |
CVE-2023-48727 | NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access. | low |
CVE-2023-48368 | Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | medium |
CVE-2023-47859 | Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access. | medium |
CVE-2023-47855 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | medium |
CVE-2023-47282 | Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | low |
CVE-2023-47210 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | medium |
CVE-2023-47169 | Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | low |
CVE-2023-47165 | Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local access. | medium |
CVE-2023-46691 | Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | high |
CVE-2023-46689 | Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | high |
CVE-2023-46103 | Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. | medium |
CVE-2023-45846 | Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access. | medium |
CVE-2023-45845 | Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access. | medium |
CVE-2023-45745 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | high |
CVE-2023-45743 | Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2023-45736 | Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
CVE-2023-45733 | Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. | low |