Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4522 | 1 Gitlab | 1 Gitlab | 2025-11-04 | N/A | 4.3 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit.
|
|||||
| CVE-2023-49738 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 7.5 HIGH |
|
An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.
|
|||||
| CVE-2023-49594 | 1 Michaelkelly | 1 Duouniversalkeycloakauthenticator | 2025-11-04 | N/A | 4.5 MEDIUM |
|
An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.
|
|||||
| CVE-2023-49074 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | N/A | 7.4 HIGH |
|
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
|
|||||
| CVE-2023-46052 | 1 Sane-project | 1 Sane Backends | 2025-11-04 | N/A | 7.1 HIGH |
|
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.
|
|||||
| CVE-2023-45744 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 8.3 HIGH |
|
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-45209 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 5.3 MEDIUM |
|
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-43491 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 5.3 MEDIUM |
|
An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-42940 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.7 MEDIUM |
|
A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.
|
|||||
| CVE-2023-42937 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data.
|
|||||
| CVE-2023-42935 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.
|
|||||
| CVE-2023-42888 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory.
|
|||||
| CVE-2023-42887 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 6.3 MEDIUM |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files.
|
|||||
| CVE-2023-41707 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | N/A | 6.5 MEDIUM |
|
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.
No publicly available exploits are known.
|
|||||
| CVE-2023-41706 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | N/A | 6.5 MEDIUM |
|
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.
|
|||||
| CVE-2023-41705 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | N/A | 6.5 MEDIUM |
|
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
|
|||||
| CVE-2023-40528 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.
|
|||||
| CVE-2023-40389 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.
|
|||||
| CVE-2023-39804 | 1 Gnu | 1 Tar | 2025-11-04 | N/A | 6.2 MEDIUM |
|
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
|
|||||
| CVE-2023-38945 | 1 Multilaser | 6 Re160, Re160 Firmware, Re160v and 3 more | 2025-11-04 | N/A | 9.8 CRITICAL |
|
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL.
|
|||||
| CVE-2023-38745 | 2 Debian, Pandoc | 2 Debian Linux, Pandoc | 2025-11-04 | N/A | 6.3 MEDIUM |
|
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists beca ...
Show More |
|||||
| CVE-2023-29323 | 2 Openbsd, Opensmtpd | 2 Openbsd, Opensmtpd | 2025-11-04 | N/A | 7.8 HIGH |
|
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
|
|||||
| CVE-2023-28826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
|
|||||
| CVE-2023-28531 | 2 Netapp, Openbsd | 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more | 2025-11-04 | N/A | 9.8 CRITICAL |
|
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
|
|||||
| CVE-2025-21988 | 1 Linux | 1 Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
fs/netfs/read_collect: add to next->prev_donated
If multiple subrequests donate data to the same "next" request
(depending on the subrequest completion order), each of them would
overwrite the `prev_donated` field, causing data corruption and a
BUG() crash ("Can't donate prior to front").
|
|||||
| CVE-2024-40836 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user.
|
|||||
| CVE-2024-40835 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.
|
|||||
| CVE-2024-40834 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 4.4 MEDIUM |
|
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.
|
|||||
| CVE-2024-40833 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.
|
|||||
| CVE-2024-40832 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 3.3 LOW |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.
|
|||||
| CVE-2024-40829 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 4.6 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view restricted content from the lock screen.
|
|||||
| CVE-2024-40828 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.
|
|||||
| CVE-2024-40827 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files.
|
|||||
| CVE-2024-40824 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
|
|||||
| CVE-2024-40823 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data.
|
|||||
| CVE-2024-40822 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 2.4 LOW |
|
This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical access to a device may be able to access contacts from the lock screen.
|
|||||
| CVE-2024-40821 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.1 HIGH |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.
|
|||||
| CVE-2024-40818 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 4.6 MEDIUM |
|
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An attacker with physical access may be able to use Siri to access sensitive user data.
|
|||||
| CVE-2024-40814 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.1 HIGH |
|
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.
|
|||||
| CVE-2024-40813 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-11-04 | N/A | 4.6 MEDIUM |
|
A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data.
|
|||||