Total
13156 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42871 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-42848 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2025-11-04 | 7.8 High |
| The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption. | ||||
| CVE-2023-40163 | 1 Accusoft | 1 Imagegear | 2025-11-04 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-38610 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 7.1 High |
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2023-35984 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. | ||||
| CVE-2023-35968 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | ||||
| CVE-2023-35967 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | ||||
| CVE-2023-35966 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | ||||
| CVE-2023-35965 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | ||||
| CVE-2023-34426 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-34365 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-34346 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-34325 | 1 Xen | 1 Xen | 2025-11-04 | 7.8 High |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a priviledged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analisys the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user priviledges. In order to not affect current deployments that rely on pygrub patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project ("An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.") CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is decended from a very old version of grub. | ||||
| CVE-2023-34319 | 3 Debian, Linux, Xen | 3 Debian Linux, Linux Kernel, Xen | 2025-11-04 | 7.8 High |
| The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. | ||||
| CVE-2023-32653 | 1 Accusoft | 1 Imagegear | 2025-11-04 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | ||||
| CVE-2023-32614 | 1 Accusoft | 1 Imagegear | 2025-11-04 | 7 High |
| A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-32284 | 1 Accusoft | 1 Imagegear | 2025-11-04 | 8.1 High |
| An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-31272 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 8.8 High |
| A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-28393 | 1 Accusoft | 1 Imagegear | 2025-11-04 | 5.6 Medium |
| A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||