CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39877 – Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
https://notcve.org/view.php?id=CVE-2024-39877
17 Jul 2024 — Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. • https://github.com/apache/airflow/pull/40522 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-277: Insecure Inherited Permissions •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40492
https://notcve.org/view.php?id=CVE-2024-40492
17 Jul 2024 — Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. • https://github.com/minendie/POC_CVE-2024-40492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43971
https://notcve.org/view.php?id=CVE-2023-43971
17 Jul 2024 — Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php. • https://gist.github.com/N0boy-0/7251856fed517eb6358d8cae03099b7b •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40502 – Hospital Management System Project in ASP.Net MVC 1 SQL Injection
https://notcve.org/view.php?id=CVE-2024-40502
17 Jul 2024 — SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx Vulnerabilidad de inyección SQL en Hospital Management System Project in ASP.Net MVC 1 permite a un atacante remoto ejecutar código arbitrario a través de la función btn_login_b_Click de Loginpage.aspx Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL... • https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21164 – Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21164
16 Jul 2024 — An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual EHCI USB controller. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2024.html •
CVSS: 7.4EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21147 – OpenJDK: RangeCheckElimination array index overflow (8323231)
https://notcve.org/view.php?id=CVE-2024-21147
16 Jul 2024 — This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 43EXPL: 0CVE-2024-21145 – OpenJDK: Out-of-bounds access in 2D image handling (8324559)
https://notcve.org/view.php?id=CVE-2024-21145
16 Jul 2024 — This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21144 – OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
https://notcve.org/view.php?id=CVE-2024-21144
16 Jul 2024 — Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). ... An attacker could possibly use this issue to cause a deni... • https://security.netapp.com/advisory/ntap-20240719-0007 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21140 – OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
https://notcve.org/view.php?id=CVE-2024-21140
16 Jul 2024 — This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.7EPSS: 0%CPEs: 35EXPL: 0CVE-2024-21138 – OpenJDK: Excessive symbol length can lead to infinite loop (8319859)
https://notcve.org/view.php?id=CVE-2024-21138
16 Jul 2024 — This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •