NOTICE

NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologize for the inconvenience and ask for your patience as we work to improve the NVD program.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-20978 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with networ...
    Published: February 16, 2024; 9:15:51 PM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2024-20976 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with networ...
    Published: February 16, 2024; 9:15:51 PM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2024-20974 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with networ...
    Published: February 16, 2024; 9:15:51 PM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2024-20972 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with networ...
    Published: February 16, 2024; 9:15:50 PM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2023-26206 - An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields obs...
    Published: February 15, 2024; 9:15:44 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-20734 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Expl...
    Published: February 15, 2024; 8:15:47 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-20733 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application t...
    Published: February 15, 2024; 8:15:47 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-20731 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
    Published: February 15, 2024; 8:15:47 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-20730 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us...
    Published: February 15, 2024; 8:15:47 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-20729 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
    Published: February 15, 2024; 8:15:47 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-20728 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...
    Published: February 15, 2024; 8:15:46 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-20727 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...
    Published: February 15, 2024; 8:15:46 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-20726 - Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...
    Published: February 15, 2024; 8:15:46 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-1378 - A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploi...
    Published: February 13, 2024; 2:15:10 PM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2024-1374 - A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding...
    Published: February 13, 2024; 2:15:10 PM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2024-21406 - Windows Printing Service Spoofing Vulnerability
    Published: February 13, 2024; 1:15:59 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-21380 - Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
    Published: February 13, 2024; 1:15:56 PM -0500

    V3.1: 8.0 HIGH

  • CVE-2024-21379 - Microsoft Word Remote Code Execution Vulnerability
    Published: February 13, 2024; 1:15:55 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-21378 - Microsoft Outlook Remote Code Execution Vulnerability
    Published: February 13, 2024; 1:15:55 PM -0500

    V3.1: 8.0 HIGH

  • CVE-2024-21377 - Windows DNS Information Disclosure Vulnerability
    Published: February 13, 2024; 1:15:55 PM -0500

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated February 13, 2024