CVEs from 2023
Total
6,120
critical
critical 239
high
high 1,529
medium
medium 1,388
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3341 | high | — | 8.0 | 3y ago | Important: bind security update | |||
| CVE-2023-5157 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2023-44488 | high | — | 8.0 | 3y ago | RHSA-2023:6194: thunderbird security update (Important) | |||
| CVE-2023-40217 | high | — | 8.0 | 3y ago | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authenti… | |||
| CVE-2023-36664 | high | — | 8.0 | 3y ago | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | |||
| CVE-2023-3600 | high | — | 8.0 | 3y ago | During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0… | |||
| CVE-2023-5176 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2023-5171 | high | — | 8.0 | 3y ago | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerabil… | |||
| CVE-2023-5169 | high | — | 8.0 | 3y ago | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vul… | |||
| CVE-2023-32559 | high | — | 8.0 | 3y ago | RHSA-2023:5362: nodejs:18 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-32002 | high | — | 8.0 | 3y ago | RHSA-2023:5362: nodejs:18 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-32006 | high | — | 8.0 | 3y ago | RHSA-2023:5362: nodejs:18 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-41419 | high | — | 8.0 | 3y ago | RHSA-2024:8834: python-gevent security update (Important) | |||
| CVE-2023-20900 | high | — | 8.0 | 3y ago | RHSA-2023:5312: open-vm-tools security update (Important) | |||
| CVE-2023-38802 | high | — | 8.0 | 3y ago | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). | |||
| CVE-2023-53769 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which… | |||
| CVE-2023-31248 | high | — | 8.0 | 3y ago | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespa… | |||
| CVE-2023-4147 | high | — | 8.0 | 3y ago | A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the sy… | |||
| CVE-2023-3390 | high | — | 8.0 | 3y ago | A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a danglin… | |||
| CVE-2023-1637 | high | — | 8.0 | 3y ago | A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming C… | |||
| CVE-2023-4004 | high | — | 8.0 | 3y ago | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a loc… | |||
| CVE-2023-53556 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in free_netdev We do netif_napi_add() for all allocated q_vectors[], but potentially do netif_napi_del()… | |||
| CVE-2023-3610 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-af… | |||
| CVE-2023-21102 | high | — | 8.0 | 3y ago | In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additiona… | |||
| CVE-2023-3776 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately … | |||
| CVE-2023-3354 | high | — | 8.0 | 3y ago | A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the … | |||
| CVE-2023-35001 | high | — | 8.0 | 3y ago | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace | |||
| CVE-2023-44466 | high | — | 8.0 | 3y ago | An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of t… | |||
| CVE-2023-53383 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 The T241 platform suffers from the T241-FABRIC-4 erratum which causes … | |||
| CVE-2023-5129 | high | — | 8.0 | 3y ago | RHSA-2023:5309: libwebp security update (Important) | |||
| CVE-2023-23908 | high | — | 8.0 | 3y ago | RHEA-2023:4995: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2023-4585 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2023-4580 | high | — | 8.0 | 3y ago | Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115… | |||
| CVE-2023-4584 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume tha… | |||
| CVE-2023-4583 | high | — | 8.0 | 3y ago | When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for… | |||
| CVE-2023-4575 | high | — | 8.0 | 3y ago | When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of th… | |||
| CVE-2023-4051 | high | — | 8.0 | 3y ago | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116… | |||
| CVE-2023-4053 | high | — | 8.0 | 3y ago | A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofi… | |||
| CVE-2023-4573 | high | — | 8.0 | 3y ago | When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affec… | |||
| CVE-2023-4574 | high | — | 8.0 | 3y ago | When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of t… | |||
| CVE-2023-4578 | high | — | 8.0 | 3y ago | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none i… | |||
| CVE-2023-4581 | high | — | 8.0 | 3y ago | Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects … | |||
| CVE-2023-4577 | high | — | 8.0 | 3y ago | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable cras… | |||
| CVE-2023-32360 | high | — | 8.0 | 3y ago | RHSA-2023:4864: cups security update (Important) | |||
| CVE-2023-3899 | high | — | 8.0 | 3y ago | RHSA-2023:4706: subscription-manager security update (Important) | |||
| CVE-2023-35390 | high | — | 8.0 | 3y ago | RHSA-2023:4645: .NET 6.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-38497 | high | — | 8.0 | 3y ago | Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate arc… | |||
| CVE-2023-40267 | high | — | 8.0 | 3y ago | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. | |||
| CVE-2023-33953 | high | — | 8.0 | 3y ago | Excessive Iteration in gRPC | |||
| CVE-2023-38403 | high | — | 8.0 | 3y ago | RHSA-2023:4570: iperf3 security update (Important) | |||
| CVE-2023-1829 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly d… | |||
| CVE-2023-1281 | high | — | 8.0 | 3y ago | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause … | |||
| CVE-2023-3417 | high | — | 8.0 | 3y ago | RHSA-2023:4497: thunderbird security update (Important) | |||
| CVE-2023-4048 | high | — | 8.0 | 3y ago | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR… | |||
| CVE-2023-4050 | high | — | 8.0 | 3y ago | In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulner… | |||
| CVE-2023-4045 | high | — | 8.0 | 3y ago | Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox… | |||
| CVE-2023-4047 | high | — | 8.0 | 3y ago | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, a… | |||
| CVE-2023-4046 | high | — | 8.0 | 3y ago | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process… | |||
| CVE-2023-4057 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2023-4049 | high | — | 8.0 | 3y ago | Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox … | |||
| CVE-2023-4056 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume tha… | |||
| CVE-2023-4055 | high | — | 8.0 | 3y ago | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused request… | |||
| CVE-2023-38408 | high | — | 8.0 | 3y ago | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Co… | |||
| CVE-2023-0458 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-3090 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-35788 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-37464 | high | — | 8.0 | 3y ago | RHSA-2023:4418: mod_auth_openidc:2.3 security update (Important) | |||
| CVE-2023-35074 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code … | |||
| CVE-2023-28198 | high | — | 8.0 | 3y ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||
| CVE-2023-38595 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary co… | |||
| CVE-2023-38594 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web co… | |||
| CVE-2023-41074 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | |||
| CVE-2023-2828 | high | — | 8.0 | 3y ago | RHSA-2023:4102: bind security update (Important) | |||
| CVE-2023-37201 | high | — | 8.0 | 3y ago | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||
| CVE-2023-37211 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… | |||
| CVE-2023-37208 | high | — | 8.0 | 3y ago | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||
| CVE-2023-37202 | high | — | 8.0 | 3y ago | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects F… | |||
| CVE-2023-37207 | high | — | 8.0 | 3y ago | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofin… | |||
| CVE-2023-1428 | high | — | 8.0 | 3y ago | gRPC Reachable Assertion issue | |||
| CVE-2023-32731 | high | — | 8.0 | 3y ago | Connection confusion in gRPC | |||
| CVE-2023-36053 | high | — | 8.0 | 3y ago | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large num… | |||
| CVE-2023-54325 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a dat… | |||
| CVE-2023-2194 | high | — | 8.0 | 3y ago | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the si… | |||
| CVE-2023-2002 | high | — | 8.0 | 3y ago | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution o… | |||
| CVE-2023-2235 | high | — | 8.0 | 3y ago | A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings… | |||
| CVE-2023-32233 | high | — | 8.0 | 3y ago | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged l… | |||
| CVE-2023-2124 | high | — | 8.0 | 3y ago | An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to cras… | |||
| CVE-2023-32700 | high | — | 8.0 | 3y ago | Important: texlive security update | |||
| CVE-2023-34620 | high | — | 8.0 | 3y ago | hjson stack exhaustion vulnerability | |||
| CVE-2023-31147 | high | — | 8.0 | 3y ago | Important: nodejs security update | |||
| CVE-2023-31124 | high | — | 8.0 | 3y ago | Important: nodejs security update | |||
| CVE-2023-31130 | high | — | 8.0 | 3y ago | Important: nodejs security update | |||
| CVE-2023-24936 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-29331 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-33128 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-32032 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-24329 | high | — | 8.0 | 3y ago | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |||
| CVE-2023-34414 | high | — | 8.0 | 3y ago | The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If… | |||
| CVE-2023-29337 | high | — | 8.0 | 3y ago | RHSA-2023:3593: .NET 7.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-34416 | high | — | 8.0 | 3y ago | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… |