CVE List 2024/11xxx

CVEs in group: 11xxx

CVE-2024-11043 (N/A)

CVE-2024-11044 (Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai)

CVE-2024-11045 (Open Redirect in automatic1111/stable-diffusion-webui)

CVE-2024-11046 (Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui)

CVE-2024-11047 (D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp os command injection)

CVE-2024-11048 (D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow)

CVE-2024-11049 (D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow)

CVE-2024-11050 (ZKTeco ZKBio Time Image File photo direct request)

CVE-2024-11051 (AMTT Hotel Broadband Operation System language.php cross site scripting)

CVE-2024-11052 (AMTT Hotel Broadband Operation System online_status.php sql injection)

CVE-2024-11053 (Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations)

CVE-2024-11054 (netrc and redirect credential leak)

CVE-2024-11055 (SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload)

CVE-2024-11056 (1000 Projects Beauty Parlour Management System admin-profile.php sql injection)

CVE-2024-11057 (Tenda AC10 WifiExtraSet FUN_0046AC38 stack-based overflow)

CVE-2024-11058 (Codezips Hospital Appointment System removeBranchResult.php sql injection)

CVE-2024-11059 (CodeAstro Real Estate Management System About Us Page aboutedit.php sql injection)

CVE-2024-11060 (Project Worlds Free Download Online Shopping System success.php sql injection)

CVE-2024-11061 (Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection)

CVE-2024-11062 (Tenda AC10 fast_setting_wifi_set FUN_0044db3c stack-based overflow)

CVE-2024-11063 (D-Link DSL6740C – OS Command Injection)

CVE-2024-11064 (D-Link DSL6740C – OS Command Injection)

CVE-2024-11065 (D-Link DSL6740C – OS Command Injection)

CVE-2024-11066 (D-Link DSL6740C – OS Command Injection)

CVE-2024-11067 (D-Link DSL6740C – OS Command Injection)

CVE-2024-11068 (D-Link DSL6740C – Arbitrary File Reading through Path Traversal)

CVE-2024-11069 (D-Link DSL6740C – Incorrect Use of Privileged APIs)

CVE-2024-11070 (WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion)

CVE-2024-11073 (Sanluan PublicCMS Tag Type save cross site scripting)

CVE-2024-11074 (SourceCodester Hospital Management System delete-account.php improper authorization)

CVE-2024-11075 (itsourcecode Tailoring Management System incadd.php sql injection)

CVE-2024-11076 (SICK Incoming Goods Suite privilege escalation vulnerability)

CVE-2024-11077 (code-projects Job Recruitment activation.php sql injection)

CVE-2024-11078 (code-projects Job Recruitment index.php sql injection)

CVE-2024-11079 (code-projects Job Recruitment register.php cross site scripting)

CVE-2024-11081 (Ansible-core: unsafe tagging bypass via hostvars object in ansible-core)

CVE-2024-11082 (N/A)

CVE-2024-11083 (Tumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel Function)

CVE-2024-11085 (ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure)

CVE-2024-11086 (WP Log Viewer <= 1.2.1 - Missing Authorization)

CVE-2024-11087 (N/A)

CVE-2024-11088 (miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass)

CVE-2024-11089 (Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor)

CVE-2024-11090 (Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure)

CVE-2024-11091 (Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure)

CVE-2024-11092 (Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload)

CVE-2024-11093 (SVGPlus <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-11094 (SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-11095 (404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure)

CVE-2024-11096 (Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-11097 (code-projects Task Manager newProject.php sql injection)

CVE-2024-11098 (SourceCodester Student Record Management System Main Menu infinite loop)

CVE-2024-11099 (SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-11100 (code-projects Job Recruitment login.php sql injection)

CVE-2024-11101 (1000 Projects Beauty Parlour Management System index.php sql injection)

CVE-2024-11102 (1000 Projects Beauty Parlour Management System search-invoices.php sql injection)

CVE-2024-11103 (SourceCodester Hospital Management System edit-doc.php cross site scripting)

CVE-2024-11104 (Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover)

CVE-2024-11106 (Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update)

CVE-2024-11107 (Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure)