Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45922 | 1 Mesa3d | 1 Mesa | 2025-11-04 | N/A | 4.3 MEDIUM |
| glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | |||||
| CVE-2023-45920 | 1 Xfig Project | 1 Xfig | 2025-11-04 | N/A | 4.2 MEDIUM |
| Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager. | |||||
| CVE-2023-45919 | 1 Mesa3d | 1 Mesa | 2025-11-04 | N/A | 5.3 MEDIUM |
| Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | |||||
| CVE-2023-45913 | 1 Mesa3d | 1 Mesa | 2025-11-04 | N/A | 6.2 MEDIUM |
| Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. | |||||
| CVE-2023-45744 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 8.3 HIGH |
| A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-45318 | 2 Silabs, Weston-embedded | 2 Gecko Software Development Kit, Uc-http | 2025-11-04 | N/A | 10.0 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-45288 | 2025-11-04 | N/A | 7.5 HIGH | ||
| An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | |||||
| CVE-2023-45237 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 5.3 MEDIUM |
| EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | |||||
| CVE-2023-45236 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 5.8 MEDIUM |
| EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | |||||
| CVE-2023-45235 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 8.3 HIGH |
| EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | |||||
| CVE-2023-45234 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 8.3 HIGH |
| EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | |||||
| CVE-2023-45233 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 7.5 HIGH |
| EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. | |||||
| CVE-2023-45232 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 7.5 HIGH |
| EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. | |||||
| CVE-2023-45231 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 6.5 MEDIUM |
| EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | |||||
| CVE-2023-45230 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 8.3 HIGH |
| EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | |||||
| CVE-2023-45229 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 6.5 MEDIUM |
| EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | |||||
| CVE-2023-45209 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-44821 | 1 Lcdf | 1 Gifsicle | 2025-11-04 | N/A | 5.5 MEDIUM |
| Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line. | |||||
| CVE-2023-44031 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-11-04 | N/A | 7.5 HIGH |
| Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | |||||
| CVE-2023-43491 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||