Search Results (366888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29996 1 Emqx 1 Nanomq 2025-01-29 7.5 High
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.
CVE-2023-29995 1 Emqx 1 Nanomq 2025-01-29 7.5 High
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c
CVE-2023-29994 1 Emqx 1 Nanomq 2025-01-29 7.5 High
In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.
CVE-2023-29842 1 Churchcrm 1 Churchcrm 2025-01-29 8.8 High
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
CVE-2023-29659 2 Fedoraproject, Struktur 2 Fedora, Libheif 2025-01-29 6.5 Medium
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
CVE-2023-27965 1 Apple 3 Macos, Studio Display, Studio Display Firmware 2025-01-29 7.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-27963 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-01-29 7.5 High
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CVE-2023-27962 1 Apple 1 Macos 2025-01-29 5.5 Medium
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file system.
CVE-2023-27961 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-01-29 5.5 Medium
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.
CVE-2023-27959 1 Apple 2 Ipados, Iphone Os 2025-01-29 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-27944 1 Apple 1 Macos 2025-01-29 8.6 High
This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox.
CVE-2023-27941 1 Apple 3 Ipados, Iphone Os, Macos 2025-01-29 5.5 Medium
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.
CVE-2023-27938 1 Apple 1 Macos 2025-01-29 7.8 High
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution.
CVE-2023-27937 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-01-29 7.8 High
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution.
CVE-2023-27936 1 Apple 3 Ipados, Iphone Os, Macos 2025-01-29 7.8 High
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory.
CVE-2023-21484 1 Samsung 1 Android 2025-01-29 5.1 Medium
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
CVE-2023-31976 1 Libming 1 Libming 2025-01-29 8.8 High
libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c.
CVE-2023-31975 1 Yasm Project 1 Yasm 2025-01-29 3.3 Low
yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
CVE-2023-31972 1 Tortall 1 Yasm 2025-01-29 5.5 Medium
yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
CVE-2023-31807 1 Chamilo 1 Chamilo Lms 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.