The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-44160 - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
  Published: September 16, 2024; 8:15:50 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-44167 - This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.
  Published: September 16, 2024; 8:15:51 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-44169 - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause une...
  Published: September 16, 2024; 8:15:51 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-44202 - An authentication issue was addressed with improved state management. This issue is fixed in iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.
  Published: September 16, 2024; 8:15:52 PM -0400
  V3.1: 5.3 MEDIUM
- CVE-2024-38860 - Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
  Published: September 17, 2024; 10:15:17 AM -0400
  V3.1: 6.1 MEDIUM
- CVE-2024-38861 - Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.
  Published: September 27, 2024; 5:15:02 AM -0400
  V3.1: 7.4 HIGH
- CVE-2024-44193 - A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
  Published: October 02, 2024; 11:15:14 AM -0400
  V3.1: 7.8 HIGH
- CVE-2024-12353 - A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument n...
  Published: December 08, 2024; 9:15:18 PM -0500
  V3.1: 7.8 HIGH
- CVE-2024-12354 - A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is ...
  Published: December 08, 2024; 9:15:19 PM -0500
  V3.1: 7.8 HIGH
- CVE-2024-12355 - A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper inp...
  Published: December 08, 2024; 9:15:19 PM -0500
  V3.1: 7.8 HIGH
- CVE-2024-12357 - A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inc...
  Published: December 09, 2024; 12:15:06 AM -0500
  V3.1: 5.3 MEDIUM
- CVE-2024-12358 - A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initi...
  Published: December 09, 2024; 12:15:07 AM -0500
  V3.1: 8.8 HIGH
- CVE-2024-12359 - A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scriptin...
  Published: December 09, 2024; 12:15:07 AM -0500
  V3.1: 5.4 MEDIUM
- CVE-2024-12360 - A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql inject...
  Published: December 09, 2024; 12:15:07 AM -0500
  V3.1: 8.8 HIGH
- CVE-2024-12352 - A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer ...
  Published: December 08, 2024; 9:15:18 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2024-12344 - A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the ...
  Published: December 08, 2024; 6:15:04 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2024-12343 - A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionT...
  Published: December 08, 2024; 5:15:04 AM -0500
  V3.1: 8.8 HIGH
- CVE-2024-12234 - A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql ...
  Published: December 05, 2024; 12:15:11 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2024-12233 - A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argumen...
  Published: December 05, 2024; 12:15:11 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2024-2059 - A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo le...
  Published: March 01, 2024; 7:15:48 AM -0500
  V3.1: 7.2 HIGH