CVSS: 4.8EPSS: 0%CPEs: 43EXPL: 0CVE-2024-21145 – OpenJDK: Out-of-bounds access in 2D image handling (8324559)
https://notcve.org/view.php?id=CVE-2024-21145
16 Jul 2024 — This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21144 – OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
https://notcve.org/view.php?id=CVE-2024-21144
16 Jul 2024 — Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). ... An attacker could possibly use this issue to cause a deni... • https://security.netapp.com/advisory/ntap-20240719-0007 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21140 – OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
https://notcve.org/view.php?id=CVE-2024-21140
16 Jul 2024 — This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.7EPSS: 0%CPEs: 35EXPL: 0CVE-2024-21138 – OpenJDK: Excessive symbol length can lead to infinite loop (8319859)
https://notcve.org/view.php?id=CVE-2024-21138
16 Jul 2024 — This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3172
https://notcve.org/view.php?id=CVE-2024-3172
16 Jul 2024 — Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6220 – 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6220
16 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39700 – Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
https://notcve.org/view.php?id=CVE-2024-39700
16 Jul 2024 — Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. ... Los repositorios creados usando esta plantilla con la opción `test` incluyen el flujo de trabajo `update-integration-tests.yml` que tiene una vulnerabilidad RCE. Se insta a los autores de extensiones que alojan su c... • https://github.com/LOURC0D3/CVE-2024-39700-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-6655 – Gtk3: gtk2: library injection from cwd
https://notcve.org/view.php?id=CVE-2024-6655
16 Jul 2024 — If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges. • https://access.redhat.com/errata/RHSA-2024:6963 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48808 – net: dsa: fix panic when DSA master device unbinds on shutdown
https://notcve.org/view.php?id=CVE-2022-48808
16 Jul 2024 — An attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0650bf52b31ff35dc6430fc2e37969c36baba724 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40516
https://notcve.org/view.php?id=CVE-2024-40516
16 Jul 2024 — ., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/2acc62c6283c7a1fe3af046b05091d15 • CWE-940: Improper Verification of Source of a Communication Channel •