Search

Search Results (363167 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46841 2 Fedoraproject, Xen 2 Fedora, Xen 2025-11-04 6.5 Medium
Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing.
CVE-2023-46838 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2025-11-04 7.5 High
Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.
CVE-2023-46837 1 Xen 1 Xen 2025-11-04 3.3 Low
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.
CVE-2023-46683 1 Tp-link 2 Er7206, Er7206 Firmware 2025-11-04 7.2 High
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-46052 1 Sane-project 1 Sane Backends 2025-11-04 7.1 High
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.
CVE-2023-46047 1 Sane-project 1 Sane Backends 2025-11-04 7.3 High
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
CVE-2023-46045 1 Graphviz 1 Graphviz 2025-11-04 7.8 High
Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
CVE-2023-46009 1 Lcdf 1 Gifsicle 2025-11-04 7.8 High
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.
CVE-2023-45931 1 Mesa3d 1 Mesa 2025-11-04 7.5 High
Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
CVE-2023-45927 2 Jedsoft, S-lang 2 S-lang, S-lang 2025-11-04 9.1 Critical
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().
CVE-2023-45922 1 Mesa3d 1 Mesa 2025-11-04 4.3 Medium
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
CVE-2023-45920 1 Xfig Project 1 Xfig 2025-11-04 4.2 Medium
Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.
CVE-2023-45919 1 Mesa3d 1 Mesa 2025-11-04 5.3 Medium
Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
CVE-2023-45913 1 Mesa3d 1 Mesa 2025-11-04 6.2 Medium
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
CVE-2023-45744 1 Peplink 2 Smart Reader, Smart Reader Firmware 2025-11-04 8.3 High
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE-2023-45318 2 Silabs, Weston-embedded 3 Gecko Platform, Gecko Software Development Kit, Uc-http 2025-11-04 10 Critical
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-45237 2 Redhat, Tianocore 3 Enterprise Linux, Rhel Eus, Edk2 2025-11-04 5.3 Medium
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
CVE-2023-45236 2 Redhat, Tianocore 3 Enterprise Linux, Rhel Eus, Edk2 2025-11-04 5.8 Medium
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
CVE-2023-45235 2 Redhat, Tianocore 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-11-04 8.3 High
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
CVE-2023-45234 2 Redhat, Tianocore 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-11-04 8.3 High
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.