CVE List 2024/12xxx
CVEs in group: 12xxx
CVE-2024-12065 (Click for details)
CVE-2024-12066 (Local File Inclusion in haotian-liu/llava)
CVE-2024-12067 (SMSA Shipping(official) <= 2.2 - Authenticated (Subscriber+) Arbitrary File Deletion)
CVE-2024-12068 (WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection)
CVE-2024-12069 (Server-Side Request Forgery in haotian-liu/llava)
CVE-2024-12070 (Lexicata <= 1.0.16 - Reflected Cross-Site Scripting)
CVE-2024-12071 (Denial of Service in haotian-liu/llava)
CVE-2024-12072 (Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion)
CVE-2024-12073 (Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting)
CVE-2024-12074 (Meteor Slides <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-12076 (Denial of Service in automatic1111/stable-diffusion-webui)
CVE-2024-12077 (Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting)
CVE-2024-12078 (Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id')
CVE-2024-12079 (ECOVACS lawnmowers and vacuums static BLE GATT encryption key)
CVE-2024-12082 (ECOVACS lawnmowers cleartext storage of anti-theft PIN)
CVE-2024-12083 (Ability Runtime has an out-of-bounds read permission bypass vulnerability)
CVE-2024-12084 (Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers)
CVE-2024-12085 (Rsync: heap buffer overflow in rsync due to improper checksum length handling)
CVE-2024-12086 (Rsync: info leak via uninitialized stack contents)
CVE-2024-12087 (Rsync: rsync server leaks arbitrary client files)
CVE-2024-12088 (Rsync: path traversal vulnerability in rsync)
CVE-2024-12089 (Rsync: --safe-links option bypass leads to path traversal)
CVE-2024-12090 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x)
CVE-2024-12091 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x)
CVE-2024-12092 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x)
CVE-2024-12094 (Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x)
CVE-2024-12095 (Information Disclosure Vulnerability in Tinxy)
CVE-2024-12096 (Click for details)
CVE-2024-12097 (Exhibit to WP Gallery <= 0.0.2 - Reflected XSS)
CVE-2024-12098 (SQLi in Boceksoft Informatics’ E-Travel)
CVE-2024-12099 (ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting)
CVE-2024-12100 (Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12101 (Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting)
CVE-2024-12102 (Click for details)
CVE-2024-12103 (Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12104 (Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure)
CVE-2024-12105 (Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion)
CVE-2024-12106 (WhatsUp Gold – SnmpExtendedActiveMonitor path traversal)
CVE-2024-12107 (WhatsUp Gold – LDAP configuration interface leading to allowing attacker to configure LDAP settings without authentication)
CVE-2024-12108 (Double Free in µD3TN)
CVE-2024-12109 (WhatsUp Gold – Public API signing key rotation issue)
CVE-2024-12110 (Product Labels For Woocommerce < 1.5.9 - Admin+ SQLi)
CVE-2024-12111 (Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation)
CVE-2024-12112 (Potential LDAP authentication vulnerabilities in OpenText Privileged Access Manager)
CVE-2024-12113 (Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting)
CVE-2024-12114 (Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion)
CVE-2024-12115 (FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates)
CVE-2024-12116 (Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication)
CVE-2024-12117 (Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.1 - Authenticated (Contributor+) Post Disclosure)
CVE-2024-12118 (Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-12119 (The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-12121 (FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size)
CVE-2024-12122 (Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery)
CVE-2024-12123 (ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters)
CVE-2024-12124 (Unauthorized Modification of Ticket Requester)
CVE-2024-12126 (Click for details)
CVE-2024-12127 (SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter)
CVE-2024-12128 (Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter)
CVE-2024-12129 (Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter)
CVE-2024-12130 (Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update)
CVE-2024-12131 (Rockwell Automation Arena® Out of Bounds Read Vulnerability)
CVE-2024-12132 (WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5 - Authenticated (Subscriber+) Insecure Direct Object Reference)
CVE-2024-12133 (WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference)
CVE-2024-12136 (Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos)
CVE-2024-12137 (Improper Access Control in Elfatek Elektronics’ ANKA JPD-00028)
CVE-2024-12138 (Authentication Bypass in Elfatek Elektronics’ ANKA JPD-00028)
CVE-2024-12140 (horilla create_skills deserialization)
CVE-2024-12142 (Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure)
CVE-2024-12144 (Click for details)
CVE-2024-12146 (SQLi in Finder Fire Safety’s Finder ERP/CRM (Old System))
CVE-2024-12147 (SQLi in Finder Fire Safety’s Finder ERP/CRM (New System))
CVE-2024-12148 (Netgear R6900 HTTP Header upgrade_check.cgi buffer overflow)
CVE-2024-12149 (Click for details)
CVE-2024-12151 (Click for details)
CVE-2024-12152 (Click for details)
CVE-2024-12153 (MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download)
CVE-2024-12155 (GDY Modular Content <= 0.9.91 - Reflected Cross-Site Scripting)
CVE-2024-12156 (SV100 Companion <= 2.0.02 - Missing Authorization to Unauthenticated Arbitrary Options Update)
CVE-2024-12157 (AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting)
CVE-2024-12158 (Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection)