CVE-2023-32391

MEDIUM Year: 2023
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.

Related Vulnerabilities

CVE-2018-14780

MEDIUM
CVSS:4.6(Medium)

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw =...

CWE-1252018

CVE-2018-19985

MEDIUM
CVSS:4.6(Medium)

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-o...

CWE-1252018

CVE-2021-1897

MEDIUM
CVSS:4.6(Medium)

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Sna...

CWE-1252021

CVE-2021-1898

MEDIUM
CVSS:4.6(Medium)

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...

CWE-1252021

CVE-2021-1899

MEDIUM
CVSS:4.6(Medium)

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CWE-1252021

CVE-2021-1901

MEDIUM
CVSS:4.6(Medium)

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable...

CWE-1252021