U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CVSS Version: 3
There are 151,707 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2024-21900

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

Published: March 08, 2024; 12:15:22 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-21899

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Published: March 08, 2024; 12:15:22 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-23277

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2024-23276

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-23275

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2024-23274

An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-23273

This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-23272

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-23270

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-23268

An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-23267

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-23266

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.

Published: March 07, 2024; 9:15:49 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-26167

Microsoft Edge for Android Spoofing Vulnerability

Published: March 07, 2024; 4:15:08 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-48725

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: March 07, 2024; 10:15:07 AM -0500
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2024-22256

VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.

Published: March 07, 2024; 5:15:07 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-1460

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.

Published: March 06, 2024; 10:15:06 PM -0500
V3.1: 5.6 MEDIUM
V2.0:(not available)
CVE-2024-1443

MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.

Published: March 06, 2024; 10:15:06 PM -0500
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-43318

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.

Published: March 05, 2024; 7:15:52 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-23296

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Published: March 05, 2024; 3:16:01 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-23225

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Published: March 05, 2024; 3:16:01 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)