CVE List 2024/8xxx

CVEs in group: 8xxx

CVE-2024-8023 (N/A)

CVE-2024-8024 (chillzhuang SpringBlade list sql injection)

CVE-2024-8025 (CORS Misconfiguration in netease-youdao/qanything)

CVE-2024-8026 (Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability)

CVE-2024-8027 (CSRF due to overly permissive CORS headers in netease-youdao/qanything)

CVE-2024-8028 (Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything)

CVE-2024-8029 (Denial of Service in danswer-ai/danswer)

CVE-2024-8030 (Stored XSS in imartinez/privategpt)

CVE-2024-8033 (Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection)

CVE-2024-8034 (N/A)

CVE-2024-8035 (N/A)

CVE-2024-8036 (N/A)

CVE-2024-8037 (Unauthorized Modifications of Firmware and Configuration)

CVE-2024-8038 (N/A)

CVE-2024-8039 (N/A)

CVE-2024-8040 (N/A)

CVE-2024-8041 (Authorization Bypass Through User-Controlled Key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x)

CVE-2024-8042 (Uncontrolled Resource Consumption in GitLab)

CVE-2024-8043 (Rapid7 Insight Platform Unauthorized Empty Group Creation)

CVE-2024-8044 (Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF)

CVE-2024-8045 (infolinks Ad Wrap <= 1.0.2 - Settings Update via CSRF)

CVE-2024-8046 (Advanced WordPress Backgrounds <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter)

CVE-2024-8047 (Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-8048 (Visual Sound (old) <= 1.06 - Settings Update via CSRF)

CVE-2024-8049 (Telerik Reporting Insecure Expression Evaluation)

CVE-2024-8051 (Telerik Document Processing Improper Handling of Memory Resources)

CVE-2024-8052 (Special Feed Items <= 1.0.1 - Stored XSS via CSRF)

CVE-2024-8053 (Review Ratings <= 1.6 - Stored XSS via CSRF)

CVE-2024-8054 (Improper Authentication in open-webui/open-webui)

CVE-2024-8055 (MM-Breaking News <= 0.7.9 - Stored XSS via CSRF)

CVE-2024-8056 (Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna)

CVE-2024-8057 (MM-Breaking News <= 0.7.9 - Reflected XSS)

CVE-2024-8058 (Improper Access Control in danswer-ai/danswer)

CVE-2024-8059 (N/A)

CVE-2024-8060 (N/A)

CVE-2024-8061 (Remote Code Execution in OpenWebUI via Arbitrary File Upload)

CVE-2024-8062 (Denial of Service in aimhubio/aim)

CVE-2024-8063 (Denial of Service in h2oai/h2o-3)

CVE-2024-8064 (Divide by Zero in ollama/ollama)

CVE-2024-8065 (N/A)