CVE List - 2024 / March
Showing 701 - 800 of 3299 CVEs for March 2024 (Page 8 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-23270 | 2024-03-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An... |
| CVE-2024-23289 | 2024-03-08 | A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4.... |
| CVE-2024-23266 | 2024-03-08 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts... |
| CVE-2024-23231 | 2024-03-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS... |
| CVE-2024-23230 | 2024-03-08 | This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive... |
| CVE-2024-23288 | 2024-03-08 | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be... |
| CVE-2024-23267 | 2024-03-08 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy... |
| CVE-2024-23226 | 2024-03-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content... |
| CVE-2024-23247 | 2024-03-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app... |
| CVE-2024-23284 | 2024-03-08 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6... |
| CVE-2024-23292 | 2024-03-08 | This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about... |
| CVE-2024-23205 | 2024-03-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be... |
| CVE-2024-23244 | 2024-03-08 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4. An app from a standard user account may be able to... |
| CVE-2024-23268 | 2024-03-08 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate... |
| CVE-2024-23287 | 2024-03-08 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be... |
| CVE-2024-23291 | 2024-03-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4.... |
| CVE-2024-23248 | 2024-03-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
| CVE-2024-23233 | 2024-03-08 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. |
| CVE-2024-23264 | 2024-03-08 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4,... |
| CVE-2024-23272 | 2024-03-08 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts... |
| CVE-2024-23273 | 2024-03-08 | This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without... |
| CVE-2024-23265 | 2024-03-08 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4,... |
| CVE-2024-23232 | 2024-03-08 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen. |
| CVE-2024-23249 | 2024-03-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
| CVE-2024-23290 | 2024-03-08 | A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able... |
| CVE-2024-23269 | 2024-03-08 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may... |
| CVE-2024-23286 | 2024-03-08 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS... |
| CVE-2024-23245 | 2024-03-08 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use... |
| CVE-2024-23253 | 2024-03-08 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library. |
| CVE-2024-23258 | 2024-03-08 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution. |
| CVE-2024-23235 | 2024-03-08 | A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6,... |
| CVE-2024-23262 | 2024-03-08 | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able... |
| CVE-2024-23274 | 2024-03-08 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate... |
| CVE-2024-23254 | 2024-03-08 | The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A... |
| CVE-2024-23242 | 2024-03-08 | A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able... |
| CVE-2024-23239 | 2024-03-08 | A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be... |
| CVE-2024-23281 | 2024-03-08 | This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. An app may be able to access sensitive user data. |
| CVE-2024-0258 | 2024-03-08 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able... |
| CVE-2024-23278 | 2024-03-08 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6,... |
| CVE-2024-23297 | 2024-03-08 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private... |
| CVE-2024-23279 | 2024-03-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. |
| CVE-2024-23280 | 2024-03-08 | An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted... |
| CVE-2024-23238 | 2024-03-08 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables. |
| CVE-2024-23255 | 2024-03-08 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be... |
| CVE-2024-23275 | 2024-03-08 | A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected... |
| CVE-2024-23263 | 2024-03-08 | A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and... |
| CVE-2024-23234 | 2024-03-08 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to... |
| CVE-2024-23259 | 2024-03-08 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead... |
| CVE-2024-2283 | 2024-03-08 | boyiddha Automated-Mess-Management-System view.php sql injection |
| CVE-2024-2284 | 2024-03-08 | boyiddha Automated-Mess-Management-System Chat Book chat.php cross site scripting |
| CVE-2024-2285 | 2024-03-08 | boyiddha Automated-Mess-Management-System member_edit.php cross site scripting |
| CVE-2024-1987 | 2024-03-08 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization... |
| CVE-2024-2298 | 2024-03-08 | The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and... |
| CVE-2024-1851 | 2024-03-08 | The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and... |
| CVE-2024-2316 | 2024-03-08 | Bdtask Hospital AutoManager Update Bill Page cross-site request forgery |
| CVE-2024-2317 | 2024-03-08 | Bdtask Hospital AutoManager Prescription Page improper authorization |
| CVE-2024-2318 | 2024-03-08 | ZKTeco ZKBio Media Service Port 9999 download path traversal |
| CVE-2024-2319 | 2024-03-08 | Cross-Site Scripting vulnerability in Django MarkdownX |
| CVE-2023-47221 | 2024-03-08 | Photo Station |
| CVE-2023-34980 | 2024-03-08 | QTS, QuTS hero |
| CVE-2023-32969 | 2024-03-08 | Network & Virtual Switch |
| CVE-2024-21899 | 2024-03-08 | QTS, QuTS hero, QuTScloud |
| CVE-2024-21900 | 2024-03-08 | QTS, QuTS hero, QuTScloud |
| CVE-2024-21901 | 2024-03-08 | myQNAPcloud |
| CVE-2022-43855 | 2024-03-08 | IBM SPSS Statistics denial of service |
| CVE-2024-2338 | 2024-03-08 | SQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule |
| CVE-2024-2339 | 2024-03-08 | Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule |
| CVE-2023-32264 | 2024-03-08 | CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow uploading arbitrary code and executing it on the client's computer. |
| CVE-2024-28123 | 2024-03-08 | Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters |
| CVE-2023-46426 | 2024-03-09 | Heap-based buffer overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the gf_fwrite component in utils/os_file.c. |
| CVE-2023-46427 | 2024-03-09 | An issue discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer dereference in... |
| CVE-2023-49340 | 2024-03-09 | An issue discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011 allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal. |
| CVE-2023-49341 | 2024-03-09 | An issue discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011 allows remote attackers to obtain sensitive information via cleartext credential storage in the backup.htm component. |
| CVE-2023-50015 | 2024-03-09 | An issue discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. |
| CVE-2024-28089 | 2024-03-09 | Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch... |
| CVE-2024-25501 | 2024-03-09 | An issue in WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. |
| CVE-2024-28176 | 2024-03-09 | jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext |
| CVE-2024-28122 | 2024-03-09 | JWX vulnerable to a denial of service attack using compressed JWE message |
| CVE-2024-28184 | 2024-03-09 | WeasyPrint allows the attachment of arbitrary files and URLs to a PDF |
| CVE-2024-28180 | 2024-03-09 | Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) |
| CVE-2024-25951 | 2024-03-09 | A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. |
| CVE-2024-1124 | 2024-03-09 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions... |
| CVE-2024-1123 | 2024-03-09 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all... |
| CVE-2024-1320 | 2024-03-09 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due... |
| CVE-2024-1125 | 2024-03-09 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all... |
| CVE-2024-1767 | 2024-03-09 | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output... |
| CVE-2024-2329 | 2024-03-09 | Netentsec NS-ASG Application Security Gateway sql injection |
| CVE-2024-2330 | 2024-03-09 | Netentsec NS-ASG Application Security Gateway index.php sql injection |
| CVE-2024-1870 | 2024-03-09 | The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and... |
| CVE-2024-2331 | 2024-03-09 | SourceCodester Tourist Reservation System System.cpp ad_writedata buffer overflow |
| CVE-2024-2332 | 2024-03-09 | SourceCodester Online Mobile Management Store HTTP GET Request manage_category.php sql injection |
| CVE-2024-2333 | 2024-03-09 | CodeAstro Membership Management System add_members.php sql injection |
| CVE-2024-2351 | 2024-03-09 | CodeAstro Ecommerce Site Search action.php sql injection |
| CVE-2024-28757 | 2024-03-10 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). |
| CVE-2024-2352 | 2024-03-10 | 1Panel swap baseApi.UpdateDeviceSwap command injection |
| CVE-2024-2353 | 2024-03-10 | Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection |
| CVE-2024-2354 | 2024-03-10 | Dreamer CMS toEdit cross-site request forgery |
| CVE-2024-2355 | 2024-03-10 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code |
| CVE-2024-2363 | 2024-03-10 | AOL AIM Triton Invite denial of service |
| CVE-2024-2313 | 2024-03-10 | If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux... |