CVEs from 2023
Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2722 | unknown | — | — | — | Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… | |||
| CVE-2023-2931 | unknown | — | — | — | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2023-2932 | unknown | — | — | — | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2023-2934 | unknown | — | — | — | Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-3598 | unknown | — | — | — | Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2023-3734 | unknown | — | — | — | Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page… | |||
| CVE-2023-6511 | unknown | — | — | — | Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2023-6702 | unknown | — | — | — | Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-6703 | unknown | — | — | — | Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-6512 | unknown | — | — | — | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML … | |||
| CVE-2023-7011 | unknown | — | — | — | Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium… | |||
| CVE-2023-28177 | unknown | — | — | — | Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2023-29537 | unknown | — | — | — | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112,… | |||
| CVE-2023-29531 | unknown | — | — | — | An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for ma… | |||
| CVE-2023-23600 | unknown | — | — | — | Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be d… | |||
| CVE-2023-25747 | unknown | — | — | — | A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox ar… | |||
| CVE-2023-3733 | unknown | — | — | — | Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (… | |||
| CVE-2023-45024 | unknown | — | — | — | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | |||
| CVE-2023-6213 | unknown | — | — | — | Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2023-1821 | unknown | — | — | — | Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium… | |||
| CVE-2023-2935 | unknown | — | — | — | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-4764 | unknown | — | — | — | Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity… | |||
| CVE-2023-53328 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance sanity check while generating attr_list ni_create_attr_list uses WARN_ON to catch error cases while generating … | |||
| CVE-2023-38560 | unknown | — | — | — | An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PD… | |||
| CVE-2023-45919 | unknown | — | — | — | Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with a… | |||
| CVE-2023-53841 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: devlink: report devlink_port_type_warn source device devlink_port_type_warn is scheduled for port devlink and warning when the po… | |||
| CVE-2023-34415 | unknown | — | — | — | When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redire… | |||
| CVE-2023-54080 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: skip splitting and logical rewriting on pre-alloc write When doing a relocation, there is a chance that at the time… | |||
| CVE-2023-27478 | unknown | — | — | — | libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due… | |||
| CVE-2023-32763 | unknown | — | — | — | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be trigger… | |||
| CVE-2023-53685 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported [0] memory leaks of sk and skb related to the TUN device with no… | |||
| CVE-2023-5726 | unknown | — | — | — | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS o… | |||
| CVE-2023-42670 | unknown | — | — | — | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experienc… | |||
| CVE-2023-2137 | unknown | — | — | — | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2023-0614 | unknown | — | — | — | The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery k… | |||
| CVE-2023-0922 | unknown | — | — | — | The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | |||
| CVE-2023-1232 | unknown | — | — | — | Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chr… | |||
| CVE-2023-1814 | unknown | — | — | — | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security s… | |||
| CVE-2023-52906 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has … | |||
| CVE-2023-25733 | unknown | — | — | — | The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110. | |||
| CVE-2023-25745 | unknown | — | — | — | Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2023-29534 | unknown | — | — | — | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects F… | |||
| CVE-2023-32209 | unknown | — | — | — | A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. | |||
| CVE-2023-32210 | unknown | — | — | — | Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause… | |||
| CVE-2023-32216 | unknown | — | — | — | Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evide… | |||
| CVE-2023-37209 | unknown | — | — | — | A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitabl… | |||
| CVE-2023-3482 | unknown | — | — | — | When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious web… | |||
| CVE-2023-37204 | unknown | — | — | — | A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spo… | |||
| CVE-2023-37206 | unknown | — | — | — | Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. | |||
| CVE-2023-1289 | unknown | — | — | 3mo ago | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file … | |||
| CVE-2023-54164 | unknown | — | — | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operat… | |||
| CVE-2023-54130 | unknown | — | — | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit… | |||
| CVE-2023-38693 | unknown | — | — | 1y ago | Lucee RCE/XXE Vulnerability | |||
| CVE-2023-25574 | unknown | — | — | 1y ago | LTI JupyterHub Authenticator does not properly validate JWT Signature | |||
| CVE-2023-0482 | unknown | — | — | 1y ago | Insecure Temporary File in RESTEasy | |||
| CVE-2023-37940 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page | |||
| CVE-2023-4639 | unknown | — | — | 2y ago | Undertow incorrectly parses cookies | |||
| CVE-2023-1419 | unknown | — | — | 2y ago | Debezium database connector has a script injection vulnerability | |||
| CVE-2023-1932 | unknown | — | — | 2y ago | hibernate-validator Cross-site Scripting vulnerability | |||
| CVE-2023-1973 | unknown | — | — | 2y ago | Undertow Denial of Service vulnerability | |||
| CVE-2023-50780 | unknown | — | — | 2y ago | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | |||
| CVE-2023-25581 | unknown | — | — | 2y ago | pac4j-core affected by a Java deserialization vulnerability | |||
| CVE-2023-30464 | unknown | — | — | 2y ago | CoreDNS Cache Poisoning via a birthday attack | |||
| CVE-2023-6841 | unknown | — | — | 2y ago | Keycloak Denial of Service vulnerability | |||
| CVE-2023-49198 | unknown | — | — | 2y ago | Apache SeaTunnel SQL Injection vulnerability | |||
| CVE-2023-45146 | unknown | — | — | 2y ago | XXL-RPC Deserialization of Untrusted Data vulnerability | |||
| CVE-2023-42809 | unknown | — | — | 2y ago | Redisson vulnerable to Deserialization of Untrusted Data | |||
| CVE-2023-28857 | unknown | — | — | 2y ago | Apereo CAS vulnerable to credential leaks for LDAP authentication | |||
| CVE-2023-48396 | unknown | — | — | 2y ago | Apache SeaTunnel Web Authentication vulnerability | |||
| CVE-2023-49921 | unknown | — | — | 2y ago | Elasticsearch Insertion of Sensitive Information into Log File | |||
| CVE-2023-48362 | unknown | — | — | 2y ago | XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill | |||
| CVE-2023-7272 | unknown | — | — | 2y ago | Eclipse Parsson stack overflow when parsing deeply nested input | |||
| CVE-2023-52291 | unknown | — | — | 2y ago | Apache StreamPark: Unchecked maven build params could trigger remote command execution | |||
| CVE-2023-49566 | unknown | — | — | 2y ago | Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability | |||
| CVE-2023-41916 | unknown | — | — | 2y ago | Apache Linkis DataSource allows arbitrary file reading | |||
| CVE-2023-46801 | unknown | — | — | 2y ago | Apache Linkis DataSource remote code execution vulnerability | |||
| CVE-2023-46442 | unknown | — | — | 2y ago | Soot Infinite Loop vulnerability | |||
| CVE-2023-35701 | unknown | — | — | 2y ago | Apache Hive Code Injection vulnerability | |||
| CVE-2023-46565 | unknown | — | — | 2y ago | Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go. | |||
| CVE-2023-0657 | unknown | — | — | 2y ago | Keycloak vulnerable to impersonation via logout token exchange | |||
| CVE-2023-6787 | unknown | — | — | 2y ago | Keycloak vulnerable to session hijacking via re-authentication | |||
| CVE-2023-6484 | unknown | — | — | 2y ago | Keycloak vulnerable to log Injection during WebAuthn authentication or registration | |||
| CVE-2023-6544 | unknown | — | — | 2y ago | Keycloak Authorization Bypass vulnerability | |||
| CVE-2023-3597 | unknown | — | — | 2y ago | Keycloak secondary factor bypass in step-up authentication | |||
| CVE-2023-6236 | unknown | — | — | 2y ago | WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log | |||
| CVE-2023-5685 | unknown | — | — | 2y ago | XNIO denial of service vulnerability | |||
| CVE-2023-51445 | unknown | — | — | 2y ago | Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API | |||
| CVE-2023-51444 | unknown | — | — | 2y ago | Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API | |||
| CVE-2023-41877 | unknown | — | — | 2y ago | GeoServer log file path traversal vulnerability | |||
| CVE-2023-50740 | unknown | — | — | 2y ago | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged | |||
| CVE-2023-50378 | unknown | — | — | 2y ago | Apache Ambari: Various Cross site scripting problems | |||
| CVE-2023-51775 | unknown | — | — | 2y ago | jose4j denial of service via specifically crafted JWE | |||
| CVE-2023-45859 | unknown | — | — | 2y ago | Missing permission checks on Hazelcast client protocol | |||
| CVE-2023-50380 | unknown | — | — | 2y ago | Apache Ambari XML External Entity injection | |||
| CVE-2023-51747 | unknown | — | — | 2y ago | SMTP smuggling in Apache James | |||
| CVE-2023-51518 | unknown | — | — | 2y ago | Apache James server: Privilege escalation via JMX pre-authentication deserialization | |||
| CVE-2023-50379 | unknown | — | — | 2y ago | Apache Ambari: authenticated users could perform command injection to perform RCE | |||
| CVE-2023-47795 | unknown | — | — | 2y ago | Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | |||
| CVE-2023-42496 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-40191 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |