CVE-2024-21113 – Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21113
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the E1000 virtual device. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2024.html •
CVE-2024-21112 – Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21112
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual AHCI controller. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2024.html •
CVE-2024-21110 – Oracle VirtualBox Guest Additions Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21110
An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root on the target guest system. • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVE-2024-3660 – Arbitrary code injection vulnerability in Keras framework < 2.13
https://notcve.org/view.php?id=CVE-2024-3660
An arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application. • https://kb.cert.org/vuls/id/253266 https://www.kb.cert.org/vuls/id/253266 •
CVE-2024-3871 – Authenticated Remote Command Injection in Delta Electronics DVW
https://notcve.org/view.php?id=CVE-2024-3871
This interface implements multiple features that are affected by command injection and stack overflow vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2. • https://onekey.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •