Total
11879 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42901 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42873 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-42871 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-42848 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption. | |||||
| CVE-2023-40163 | 1 Accusoft | 1 Imagegear | 2025-11-04 | N/A | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-38610 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 7.1 HIGH |
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2023-35984 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. | |||||
| CVE-2023-35968 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | |||||
| CVE-2023-35967 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | |||||
| CVE-2023-35966 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | |||||
| CVE-2023-35965 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | |||||
| CVE-2023-34426 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-34365 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-34346 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-34319 | 3 Debian, Linux, Xen | 3 Debian Linux, Linux Kernel, Xen | 2025-11-04 | N/A | 7.8 HIGH |
| The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. | |||||
| CVE-2023-32653 | 1 Accusoft | 1 Imagegear | 2025-11-04 | N/A | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | |||||
| CVE-2023-32614 | 1 Accusoft | 1 Imagegear | 2025-11-04 | N/A | 7.0 HIGH |
| A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-32284 | 1 Accusoft | 1 Imagegear | 2025-11-04 | N/A | 8.1 HIGH |
| An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-31272 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | N/A | 9.0 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||