Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4334 1 Broadcom 1 Raid Controller Web Interface 2025-11-04 7.5 High
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVE-2023-4333 2 Broadcom, Microsoft 2 Raid Controller Web Interface, Windows 2025-11-04 5.5 Medium
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
CVE-2023-4332 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2025-11-04 7.5 High
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
CVE-2023-4331 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2025-11-04 7.5 High
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
CVE-2023-4329 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2025-11-04 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
CVE-2023-4328 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2025-11-04 5.5 Medium
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
CVE-2023-4327 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2025-11-04 5.5 Medium
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4326 1 Broadcom 2 Lsi Storage Authority, Raid Controller Web Interface 2025-11-04 7.5 High
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
CVE-2023-4325 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2025-11-04 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVE-2023-4324 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2025-11-04 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVE-2023-4323 1 Broadcom 1 Raid Controller Web Interface 2025-11-04 9.8 Critical
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVE-2023-47235 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 6.8 Medium
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
CVE-2023-47234 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 7.5 High
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
CVE-2023-46753 2 Frrouting, Redhat 2 Frrouting, Enterprise Linux 2025-11-04 5.9 Medium
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
CVE-2023-46752 2 Frrouting, Redhat 2 Frrouting, Enterprise Linux 2025-11-04 5.9 Medium
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
CVE-2023-46303 1 Calibre-ebook 1 Calibre 2025-11-04 7.5 High
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
CVE-2023-38407 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 7.5 High
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-38406 2 Frrouting, Redhat 3 Frrouting, Enterprise Linux, Rhel Eus 2025-11-04 9.8 Critical
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
CVE-2023-32559 2 Nodejs, Redhat 4 Node.js, Nodejs, Enterprise Linux and 1 more 2025-11-04 7.5 High
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
CVE-2023-30590 2 Nodejs, Redhat 3 Node.js, Enterprise Linux, Rhel Eus 2025-11-04 7.5 High
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad.