CVE List 2024/8xxx
CVEs in group: 8xxx
CVE-2024-8045 (N/A)
CVE-2024-8046 (Advanced WordPress Backgrounds <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter)
CVE-2024-8047 (Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-8048 (Visual Sound (old) <= 1.06 - Settings Update via CSRF)
CVE-2024-8049 (Telerik Reporting Insecure Expression Evaluation)
CVE-2024-8051 (Telerik Document Processing Improper Handling of Memory Resources)
CVE-2024-8052 (Special Feed Items <= 1.0.1 - Stored XSS via CSRF)
CVE-2024-8053 (Review Ratings <= 1.6 - Stored XSS via CSRF)
CVE-2024-8054 (Improper Authentication in open-webui/open-webui)
CVE-2024-8055 (MM-Breaking News <= 0.7.9 - Stored XSS via CSRF)
CVE-2024-8056 (Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna)
CVE-2024-8057 (MM-Breaking News <= 0.7.9 - Reflected XSS)
CVE-2024-8058 (Improper Access Control in danswer-ai/danswer)
CVE-2024-8059 (N/A)
CVE-2024-8060 (N/A)
CVE-2024-8061 (Remote Code Execution in OpenWebUI via Arbitrary File Upload)
CVE-2024-8062 (Denial of Service in aimhubio/aim)
CVE-2024-8063 (Denial of Service in h2oai/h2o-3)
CVE-2024-8064 (Divide by Zero in ollama/ollama)
CVE-2024-8065 (N/A)
CVE-2024-8066 (CSRF in danswer-ai/danswer)
CVE-2024-8067 (File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload)
CVE-2024-8068 (Unicode “best fit” argument injection)
CVE-2024-8069 (Privilege escalation to NetworkService Account access)
CVE-2024-8070 (Limited remote code execution with privilege of a NetworkService Account access)
CVE-2024-8071 (N/A)
CVE-2024-8072 (System Role with edit access to permissions can elevate themselves to system admin)
CVE-2024-8073 (Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users)
CVE-2024-8074 (Command Injection Vulnerability in Hillstone Networks Web Application Firewall)
CVE-2024-8075 (Sensitive Data Exposure in Nomysoft Informatics’ Nomysem)
CVE-2024-8076 (TOTOLINK AC1200 T8 setDiagnosisCfg os command injection)
CVE-2024-8077 (TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow)
CVE-2024-8078 (TOTOLINK AC1200 T8 setTracerouteCfg os command injection)
CVE-2024-8079 (TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow)
CVE-2024-8080 (TOTOLINK AC1200 T8 exportOvpn buffer overflow)
CVE-2024-8081 (SourceCodester Online Health Care System search.php sql injection)
CVE-2024-8083 (itsourcecode Payroll Management System login.php sql injection)
CVE-2024-8084 (SourceCodester Online Computer and Laptop Store Master.php sql injection)
CVE-2024-8086 (SourceCodester Online Computer and Laptop Store Setting SystemSettings.php cross site scripting)
CVE-2024-8087 (SourceCodester E-Commerce System Admin Login login.php sql injection)
CVE-2024-8088 (SourceCodester E-Commerce System popup_Item.php sql injection)
CVE-2024-8089 (Infinite loop when iterating over zip archive entry names from zipfile.Path)
CVE-2024-8091 (SourceCodester E-Commerce System controller.php unrestricted upload)
CVE-2024-8092 (Enhanced Search Box <= 0.6.1 - Settings Update via CSRF)
CVE-2024-8093 (Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF)
CVE-2024-8096 (Posts reminder <= 0.20 - Settings Update via CSRF)
CVE-2024-8097 (OCSP stapling bypass with GnuTLS)
CVE-2024-8099 (Sensitive information exposure when the org.glassfish.admingui LOGGER is set to FINEST level)
CVE-2024-8101 (Server-Side Request Forgery (SSRF) in vanna-ai/vanna)
CVE-2024-8102 (Stored XSS in aimhubio/aim)
CVE-2024-8103 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update)
CVE-2024-8104 (WP Category Dropdown <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter)
CVE-2024-8105 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download)
CVE-2024-8106 (Insecure Platform Key (PK) used in UEFI system firmware signature)
CVE-2024-8107 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure)
CVE-2024-8108 (Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)
CVE-2024-8110 (Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter)
CVE-2024-8112 (N/A)
CVE-2024-8113 (thinkgem JeeSite Cookie login cross site scripting)
CVE-2024-8114 (Stored XSS in Placeholder Samples in Mail Preview)