CVE-2023-43971
https://notcve.org/view.php?id=CVE-2023-43971
Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php. • https://gist.github.com/N0boy-0/7251856fed517eb6358d8cae03099b7b https://github.com/lizhipay/acg-faka/issues/72 •
CVE-2024-40492
https://notcve.org/view.php?id=CVE-2024-40492
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. • https://github.com/minendie/POC_CVE-2024-40492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-21164 – Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21164
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual EHCI USB controller. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2024.html •
CVE-2024-21140 – OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
https://notcve.org/view.php?id=CVE-2024-21140
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://security.netapp.com/advisory/ntap-20240719-0008 https://www.oracle.com/security-alerts/cpujul2024.html https://access.redhat.com/security/cve/CVE-2024-21140 https://bugzilla.redhat.com/show_bug.cgi?id=2297963 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-3172
https://notcve.org/view.php?id=CVE-2024-3172
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://issues.chromium.org/issues/40942152 •