Export limit exceeded: 14753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4328 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2025-11-04 5.5 Medium
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
CVE-2023-4327 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2025-11-04 5.5 Medium
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4326 1 Broadcom 2 Lsi Storage Authority, Raid Controller Web Interface 2025-11-04 7.5 High
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
CVE-2023-4325 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2025-11-04 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVE-2023-4324 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2025-11-04 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVE-2023-4323 1 Broadcom 1 Raid Controller Web Interface 2025-11-04 9.8 Critical
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVE-2023-47235 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 6.8 Medium
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
CVE-2023-47234 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 7.5 High
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
CVE-2023-46753 2 Frrouting, Redhat 2 Frrouting, Enterprise Linux 2025-11-04 5.9 Medium
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
CVE-2023-46752 2 Frrouting, Redhat 2 Frrouting, Enterprise Linux 2025-11-04 5.9 Medium
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
CVE-2023-46303 1 Calibre-ebook 1 Calibre 2025-11-04 7.5 High
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
CVE-2023-38407 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 7.5 High
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-38406 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 9.8 Critical
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
CVE-2023-32559 2 Nodejs, Redhat 4 Node.js, Nodejs, Enterprise Linux and 1 more 2025-11-04 7.5 High
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
CVE-2023-30590 2 Nodejs, Redhat 3 Node.js, Enterprise Linux, Rhel Eus 2025-11-04 7.5 High
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad.
CVE-2023-30589 3 Fedoraproject, Nodejs, Redhat 4 Fedora, Node.js, Enterprise Linux and 1 more 2025-11-04 7.5 High
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20
CVE-2023-30577 1 Zmanda 1 Amanda 2025-11-04 7.8 High
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
CVE-2023-29007 3 Fedoraproject, Git-scm, Redhat 7 Fedora, Git, Enterprise Linux and 4 more 2025-11-04 7 High
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
CVE-2023-28756 4 Debian, Fedoraproject, Redhat and 1 more 6 Debian Linux, Fedora, Enterprise Linux and 3 more 2025-11-04 5.3 Medium
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
CVE-2023-27585 1 Teluu 1 Pjsip 2025-11-04 7.5 High
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.