CVE-2024-40492
https://notcve.org/view.php?id=CVE-2024-40492
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. • https://github.com/minendie/POC_CVE-2024-40492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-21164 – Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21164
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual EHCI USB controller. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2024.html •
CVE-2024-21140 – OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
https://notcve.org/view.php?id=CVE-2024-21140
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://security.netapp.com/advisory/ntap-20240719-0008 https://www.oracle.com/security-alerts/cpujul2024.html https://access.redhat.com/security/cve/CVE-2024-21140 https://bugzilla.redhat.com/show_bug.cgi?id=2297963 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-3172
https://notcve.org/view.php?id=CVE-2024-3172
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://issues.chromium.org/issues/40942152 •
CVE-2024-6220 – 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6220
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php https://www.wordfence.com/threat-intel/vulnerabilities/id/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •