CVE-2024-6999 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-6999
01 Aug 2024 — Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html •
CVE-2024-7000 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7000
01 Aug 2024 — Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html • CWE-416: Use After Free •
CVE-2024-7001 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7001
01 Aug 2024 — Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html •
CVE-2024-7003 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7003
01 Aug 2024 — Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html • CWE-358: Improperly Implemented Security Check for Standard •
CVE-2024-7004 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7004
01 Aug 2024 — Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVE-2024-7005 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7005
01 Aug 2024 — Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html • CWE-20: Improper Input Validation CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVE-2024-23920 – ChargePoint Home Flex Improper Access Control
https://notcve.org/view.php?id=CVE-2024-23920
01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1048 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-23921 – ChargePoint Home Flex Command Injection
https://notcve.org/view.php?id=CVE-2024-23921
01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1049 • CWE-863: Incorrect Authorization •
CVE-2024-23928 – Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2024-23928
01 Aug 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1045 • CWE-863: Incorrect Authorization •
CVE-2024-23929 – Pioneer DMH-WT7600NEX Telematics Directory Traversal
https://notcve.org/view.php?id=CVE-2024-23929
01 Aug 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1044 • CWE-94: Improper Control of Generation of Code ('Code Injection') •