NOTICE

Keyword and keyword exact match searches have been re-enabled. Clarifications on how keyword search operates can be found in the documentation for keyword parameters. For questions and concerns you can contact nvd@nist.gov.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2022-46706 - A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-38858 - Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.
    Published: August 15, 2023; 1:15:11 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-38857 - Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.
    Published: August 15, 2023; 1:15:11 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-38856 - Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411.
    Published: August 15, 2023; 1:15:11 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-38855 - Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.
    Published: August 15, 2023; 1:15:11 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-38854 - Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296.
    Published: August 15, 2023; 1:15:11 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-38853 - Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015.
    Published: August 15, 2023; 1:15:10 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-38851 - Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.
    Published: August 15, 2023; 1:15:10 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-28479 - An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system an...
    Published: August 15, 2023; 10:15:09 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-28179 - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2022-46725 - A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-46724 - This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 2.4 LOW

  • CVE-2022-46722 - A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-28198 - A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-38852 - Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.
    Published: August 15, 2023; 1:15:10 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-28199 - An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-27948 - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-27939 - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48503 - The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-27947 - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
    Published: August 14, 2023; 7:15:10 PM -0400

    V3.1: 5.5 MEDIUM