CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-21140 – OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
https://notcve.org/view.php?id=CVE-2024-21140
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. • https://security.netapp.com/advisory/ntap-20240719-0008 https://www.oracle.com/security-alerts/cpujul2024.html https://access.redhat.com/security/cve/CVE-2024-21140 https://bugzilla.redhat.com/show_bug.cgi?id=2297963 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3172
https://notcve.org/view.php?id=CVE-2024-3172
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://issues.chromium.org/issues/40942152 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6220 – 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6220
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php https://www.wordfence.com/threat-intel/vulnerabilities/id/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39700 – Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
https://notcve.org/view.php?id=CVE-2024-39700
Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. ... Los repositorios creados usando esta plantilla con la opción `test` incluyen el flujo de trabajo `update-integration-tests.yml` que tiene una vulnerabilidad RCE. • https://github.com/LOURC0D3/CVE-2024-39700-PoC https://github.com/jupyterlab/extension-template/commit/035e78c1c65bcedee97c95bb683abe59c96bc4e6 https://github.com/jupyterlab/extension-template/security/advisories/GHSA-45gq-v5wm-82wg • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40515
https://notcve.org/view.php?id=CVE-2024-40515
,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/410d6ae5c8ead88c2e0f5c641b2382ec • CWE-940: Improper Verification of Source of a Communication Channel •