CVEs from 2023
Total
6,124
critical
critical 239
high
high 1,503
medium
medium 1,409
low
low 31
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | high | 7.5 | 10.0 | 3y ago | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||
| CVE-2023-4911 | high | 7.8 | 10.0 | 3y ago | GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileg… | |||
| CVE-2023-0386 | high | — | 10.0 | 3y ago | Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsyst… | |||
| CVE-2023-43000 | high | — | 9.5 | 2y ago | Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. | |||
| CVE-2023-42917 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTM… | |||
| CVE-2023-5217 | high | — | 9.5 | 3y ago | Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability c… | |||
| CVE-2023-4863 | high | — | 9.5 | 3y ago | Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect … | |||
| CVE-2023-38180 | high | — | 9.5 | 3y ago | Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS). | |||
| CVE-2023-32439 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML p… | |||
| CVE-2023-32435 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTM… | |||
| CVE-2023-37450 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML par… | |||
| CVE-2023-41993 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML par… | |||
| CVE-2023-42916 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability cou… | |||
| CVE-2023-32373 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability coul… | |||
| CVE-2023-28204 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vu… | |||
| CVE-2023-28205 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML p… | |||
| CVE-2023-0266 | high | — | 9.5 | 3y ago | Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. | |||
| CVE-2023-23529 | high | — | 9.5 | 3y ago | Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML pa… | |||
| CVE-2023-20867 | low | — | 4.0 | 3y ago | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the… |