CVEs from 2023
Total
6,107
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4053 | high | — | 8.0 | 3y ago | A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofi… | |||
| CVE-2023-4051 | high | — | 8.0 | 3y ago | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116… | |||
| CVE-2023-32360 | high | — | 8.0 | 3y ago | RHSA-2023:4864: cups security update (Important) | |||
| CVE-2023-3899 | high | — | 8.0 | 3y ago | RHSA-2023:4706: subscription-manager security update (Important) | |||
| CVE-2023-35390 | high | — | 8.0 | 3y ago | RHSA-2023:4645: .NET 6.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-38497 | high | — | 8.0 | 3y ago | Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate arc… | |||
| CVE-2023-40267 | high | — | 8.0 | 3y ago | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. | |||
| CVE-2023-33953 | high | — | 8.0 | 3y ago | Excessive Iteration in gRPC | |||
| CVE-2023-1281 | high | — | 8.0 | 3y ago | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause … | |||
| CVE-2023-1829 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly d… | |||
| CVE-2023-38403 | high | — | 8.0 | 3y ago | RHSA-2023:4570: iperf3 security update (Important) | |||
| CVE-2023-3417 | high | — | 8.0 | 3y ago | RHSA-2023:4497: thunderbird security update (Important) | |||
| CVE-2023-4048 | high | — | 8.0 | 3y ago | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR… | |||
| CVE-2023-4056 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume tha… | |||
| CVE-2023-4055 | high | — | 8.0 | 3y ago | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused request… | |||
| CVE-2023-4049 | high | — | 8.0 | 3y ago | Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox … | |||
| CVE-2023-4045 | high | — | 8.0 | 3y ago | Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox… | |||
| CVE-2023-4047 | high | — | 8.0 | 3y ago | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, a… | |||
| CVE-2023-4046 | high | — | 8.0 | 3y ago | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process… | |||
| CVE-2023-4050 | high | — | 8.0 | 3y ago | In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulner… | |||
| CVE-2023-4057 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2023-35788 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-3090 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-38408 | high | — | 8.0 | 3y ago | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Co… | |||
| CVE-2023-0458 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-37464 | high | — | 8.0 | 3y ago | RHSA-2023:4418: mod_auth_openidc:2.3 security update (Important) | |||
| CVE-2023-35074 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code … | |||
| CVE-2023-28198 | high | — | 8.0 | 3y ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||
| CVE-2023-38594 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web co… | |||
| CVE-2023-38595 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary co… | |||
| CVE-2023-41074 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | |||
| CVE-2023-2828 | high | — | 8.0 | 3y ago | RHSA-2023:4102: bind security update (Important) | |||
| CVE-2023-37207 | high | — | 8.0 | 3y ago | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofin… | |||
| CVE-2023-37211 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… | |||
| CVE-2023-37201 | high | — | 8.0 | 3y ago | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||
| CVE-2023-37202 | high | — | 8.0 | 3y ago | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects F… | |||
| CVE-2023-37208 | high | — | 8.0 | 3y ago | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||
| CVE-2023-1428 | high | — | 8.0 | 3y ago | gRPC Reachable Assertion issue | |||
| CVE-2023-32731 | high | — | 8.0 | 3y ago | Connection confusion in gRPC | |||
| CVE-2023-36053 | high | — | 8.0 | 3y ago | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large num… | |||
| CVE-2023-2002 | high | — | 8.0 | 3y ago | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution o… | |||
| CVE-2023-54325 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a dat… | |||
| CVE-2023-32233 | high | — | 8.0 | 3y ago | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged l… | |||
| CVE-2023-2124 | high | — | 8.0 | 3y ago | An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to cras… | |||
| CVE-2023-2194 | high | — | 8.0 | 3y ago | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the si… | |||
| CVE-2023-2235 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings… | |||
| CVE-2023-32700 | high | — | 8.0 | 3y ago | Important: texlive security update | |||
| CVE-2023-34620 | high | — | 8.0 | 3y ago | hjson stack exhaustion vulnerability | |||
| CVE-2023-32032 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-31147 | high | — | 8.0 | 3y ago | Important: nodejs security update | |||
| CVE-2023-31130 | high | — | 8.0 | 3y ago | Important: nodejs security update | |||
| CVE-2023-31124 | high | — | 8.0 | 3y ago | Important: nodejs security update | |||
| CVE-2023-29337 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-24936 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-33128 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-29331 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-24329 | high | — | 8.0 | 3y ago | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |||
| CVE-2023-34416 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… | |||
| CVE-2023-34414 | high | — | 8.0 | 3y ago | The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If… | |||
| CVE-2023-32067 | high | — | 8.0 | 3y ago | Important: nodejs security update | |||
| CVE-2023-24805 | high | — | 8.0 | 3y ago | RHSA-2023:3425: cups-filters security update (Important) | |||
| CVE-2023-24532 | high | — | 8.0 | 3y ago | RHSA-2023:3319: go-toolset:rhel8 security update (Important) | |||
| CVE-2023-25652 | high | — | 8.0 | 3y ago | RHSA-2023:3246: git security update (Important) | |||
| CVE-2023-23946 | high | — | 8.0 | 3y ago | RHSA-2023:3246: git security update (Important) | |||
| CVE-2023-22490 | high | — | 8.0 | 3y ago | RHSA-2023:3246: git security update (Important) | |||
| CVE-2023-29007 | high | — | 8.0 | 3y ago | RHSA-2023:3246: git security update (Important) | |||
| CVE-2023-25815 | high | — | 8.0 | 3y ago | RHSA-2023:3246: git security update (Important) | |||
| CVE-2023-2295 | high | — | 8.0 | 3y ago | RHSA-2023:3107: libreswan security update (Important) | |||
| CVE-2023-32207 | high | — | 8.0 | 3y ago | A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thund… | |||
| CVE-2023-32205 | high | — | 8.0 | 3y ago | In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox <… | |||
| CVE-2023-32206 | high | — | 8.0 | 3y ago | An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||
| CVE-2023-32212 | high | — | 8.0 | 3y ago | An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||
| CVE-2023-1582 | high | — | 8.0 | 3y ago | A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. | |||
| CVE-2023-32211 | high | — | 8.0 | 3y ago | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||
| CVE-2023-32215 | high | — | 8.0 | 3y ago | Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefo… | |||
| CVE-2023-32213 | high | — | 8.0 | 3y ago | When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||
| CVE-2023-23454 | high | — | 8.0 | 3y ago | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can somet… | |||
| CVE-2023-21879 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-53809 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() When a file descriptor of pppol2tp socket is passed as file des… | |||
| CVE-2023-21873 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21874 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21875 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21876 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21881 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-22998 | high | — | 8.0 | 3y ago | In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an… | |||
| CVE-2023-53083 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rq_pages if it's a continuation of last page The splice read calls nfsd_splice_actor to put the pages… | |||
| CVE-2023-53030 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning whe… | |||
| CVE-2023-2513 | high | — | 8.0 | 3y ago | A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cau… | |||
| CVE-2023-53634 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function When BPF_TRAMP_F_CALL_ORIG is set, BPF trampoline uses BLR to jump… | |||
| CVE-2023-53021 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: fix possible use-after-free syzbot reported a nasty crash [1] in net_tx_action() which made little sense u… | |||
| CVE-2023-21963 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21864 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-53020 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modi… | |||
| CVE-2023-21883 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-25363 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | |||
| CVE-2023-25362 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | |||
| CVE-2023-52905 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and ha… | |||
| CVE-2023-25360 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | |||
| CVE-2023-25358 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | |||
| CVE-2023-53606 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: clean up potential nfsd_file refcount leaks in COPY codepath There are two different flavors of the nfsd4_copy struct. One … |