CVE list 2024/4xxx
CVEs in group: 4xxx
CVE-2024-4024 (N/A)
CVE-2024-4026 (Authentication Bypass by Assumed-Immutable Data in GitLab)
CVE-2024-4028 (Cross-Site Scripting in the Holded application)
CVE-2024-4029 (Keycloak-core: stored xss in keycloak when creating a items in admin console)
CVE-2024-4030 (Wildfly: no timeout for eap management interface may lead to denial of service (dos))
CVE-2024-4031 (tempfile.mkdtemp() may be readable and writeable by all users on Windows)
CVE-2024-4032 (MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability)
CVE-2024-4033 (Incorrect IPv4 and IPv6 private ranges)
CVE-2024-4034 (All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image)
CVE-2024-4035 (N/A)
CVE-2024-4036 (N/A)
CVE-2024-4037 (N/A)
CVE-2024-4038 (WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution)
CVE-2024-4039 (Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution)
CVE-2024-4040 (Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution)
CVE-2024-4041 (Unauthenticated arbitrary file read and remote code execution in CrushFTP)
CVE-2024-4042 (Yoast SEO <= 22.5 - Reflected Cross-Site Scripting)
CVE-2024-4043 (Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute)
CVE-2024-4044 (WP Ultimate Post Grid <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-text Shortcode)
CVE-2024-4045 (Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio)
CVE-2024-4046 (Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-4056 (N/A)
CVE-2024-4057 (Denial of service condition in M-Files Server)
CVE-2024-4058 (Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS)
CVE-2024-4059 (N/A)
CVE-2024-4060 (N/A)
CVE-2024-4061 (N/A)
CVE-2024-4062 (Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings)
CVE-2024-4063 (Hualai Xiaofang iSC5 certificate validation)
CVE-2024-4064 (EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation)
CVE-2024-4065 (Tenda AC8 execCommand R7WebsSecurityHandler stack-based overflow)
CVE-2024-4066 (Tenda AC8 SetRebootTimer formSetRebootTimer stack-based overflow)
CVE-2024-4067 (Tenda AC8 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow)
CVE-2024-4068 (Regular Expression Denial of Service in micromatch)
CVE-2024-4069 (Memory Exhaustion in braces)
CVE-2024-4070 (Kashipara Online Furniture Shopping Ecommerce Website search.php sql injection)
CVE-2024-4071 (Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection)
CVE-2024-4072 (Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php sql injection)
CVE-2024-4073 (Kashipara Online Furniture Shopping Ecommerce Website search.php cross site scripting)
CVE-2024-4074 (Kashipara Online Furniture Shopping Ecommerce Website prodList.php cross site scripting)