Lista CVE 2024/10xxx

CVE nel gruppo: 10xxx

CVE-2024-10000 (N/A)

CVE-2024-10001 (Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality)

CVE-2024-10002 (Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling)

CVE-2024-10003 (Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator)

CVE-2024-10004 (Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions)

CVE-2024-10005 (N/A)

CVE-2024-10006 (Consul L7 Intentions Vulnerable To URL Path Bypass)

CVE-2024-10007 (Consul L7 Intentions Vulnerable To Headers Bypass)

CVE-2024-10008 (Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation)

CVE-2024-10010 (Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation)

CVE-2024-10011 (LearnPress < 4.2.7.2 - Admin+ Stored XSS)

CVE-2024-10012 (BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal)

CVE-2024-10013 (Progress UI for WPF format provider unsafe deserialization vulnerability)

CVE-2024-10014 (Progress UI for WinForms format provider unsafe deserialization vulnerability)

CVE-2024-10015 (Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode)

CVE-2024-10016 (ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and type Parameter)

CVE-2024-10017 (File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-10018 (PJW Mime Config <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-10019 (N/A)

CVE-2024-10020 (Path Traversal and OS Command Injection in parisneo/lollms-webui)