CVE list 2024/12xxx
CVEs in group: 12xxx
CVE-2024-12042 (N/A)
CVE-2024-12043 (MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting))
CVE-2024-12044 (Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-12045 (Remote Code Execution by Pickle Deserialization in open-mmlab/mmdetection)
CVE-2024-12046 (Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting)
CVE-2024-12047 (Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode)
CVE-2024-12048 (WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter)
CVE-2024-12049 (IDOR Vulnerability in transformeroptimus/superagi)
CVE-2024-12053 (Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters)
CVE-2024-12054 (N/A)
CVE-2024-12055 (ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness)
CVE-2024-12056 (DoS using malicious gguf model file in ollama/ollama)
CVE-2024-12057 (Client Secret not checked with OAuth Password grant type)
CVE-2024-12058 (User credentials recorded in log files)
CVE-2024-12059 (N/A)
CVE-2024-12060 (ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read)
CVE-2024-12061 (WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters)
CVE-2024-12062 (Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12063 (Charity Addon for Elementor <= 1.3.2 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12064 (Denial of Service in imartinez/privategpt)
CVE-2024-12065 (N/A)
CVE-2024-12066 (Local File Inclusion in haotian-liu/llava)
CVE-2024-12067 (SMSA Shipping(official) <= 2.2 - Authenticated (Subscriber+) Arbitrary File Deletion)
CVE-2024-12068 (WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection)
CVE-2024-12069 (Server-Side Request Forgery in haotian-liu/llava)
CVE-2024-12070 (Lexicata <= 1.0.16 - Reflected Cross-Site Scripting)
CVE-2024-12071 (Denial of Service in haotian-liu/llava)
CVE-2024-12072 (Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion)
CVE-2024-12073 (Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting)
CVE-2024-12074 (Meteor Slides <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-12076 (Denial of Service in automatic1111/stable-diffusion-webui)
CVE-2024-12077 (Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting)
CVE-2024-12078 (Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id')
CVE-2024-12079 (ECOVACS lawnmowers and vacuums static BLE GATT encryption key)
CVE-2024-12082 (ECOVACS lawnmowers cleartext storage of anti-theft PIN)
CVE-2024-12083 (Ability Runtime has an out-of-bounds read permission bypass vulnerability)
CVE-2024-12084 (Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers)
CVE-2024-12085 (Rsync: heap buffer overflow in rsync due to improper checksum length handling)
CVE-2024-12086 (Rsync: info leak via uninitialized stack contents)
CVE-2024-12087 (Rsync: rsync server leaks arbitrary client files)
CVE-2024-12088 (Rsync: path traversal vulnerability in rsync)
CVE-2024-12089 (Rsync: --safe-links option bypass leads to path traversal)
CVE-2024-12090 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x)
CVE-2024-12091 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x)
CVE-2024-12092 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x)
CVE-2024-12094 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x)
CVE-2024-12095 (Information Disclosure Vulnerability in Tinxy)
CVE-2024-12096 (N/A)
CVE-2024-12097 (Exhibit to WP Gallery <= 0.0.2 - Reflected XSS)
CVE-2024-12098 (SQLi in Boceksoft Informatics’ E-Travel)
CVE-2024-12099 (ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting)
CVE-2024-12100 (Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12101 (Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting)
CVE-2024-12102 (N/A)
CVE-2024-12103 (Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12104 (Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure)
CVE-2024-12105 (Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion)
CVE-2024-12106 (WhatsUp Gold – SnmpExtendedActiveMonitor path traversal)
CVE-2024-12107 (WhatsUp Gold – LDAP configuration interface leading to allowing attacker to configure LDAP settings without authentication)
CVE-2024-12108 (Double Free in µD3TN)