CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6549 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or… | |||
| CVE-2023-6548 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. | |||
| CVE-2023-41990 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | |||
| CVE-2023-38203 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-29300 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-7024 | unknown | — | 1.5 | 3y ago | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-49897 | unknown | — | 1.5 | 3y ago | FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-47565 | unknown | — | 1.5 | 3y ago | QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-6448 | unknown | — | 1.5 | 3y ago | Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. | |||
| CVE-2023-41266 | unknown | — | 1.5 | 3y ago | Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session c… | |||
| CVE-2023-41265 | unknown | — | 1.5 | 3y ago | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | |||
| CVE-2023-33107 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||
| CVE-2023-33106 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_… | |||
| CVE-2023-33063 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. | |||
| CVE-2023-6345 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chr… | |||
| CVE-2023-36584 | unknown | — | 1.5 | 3y ago | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | |||
| CVE-2023-36036 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | |||
| CVE-2023-36033 | unknown | — | 1.5 | 3y ago | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36025 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. | |||
| CVE-2023-36847 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system i… | |||
| CVE-2023-36851 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-47246 | unknown | — | 1.5 | 3y ago | SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. | |||
| CVE-2023-36844 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. U… | |||
| CVE-2023-36846 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-29552 | unknown | — | 1.5 | 3y ago | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a… | |||
| CVE-2023-46748 | unknown | — | 1.5 | 3y ago | F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to exe… | |||
| CVE-2023-5631 | unknown | — | 1.5 | 3y ago | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. | |||
| CVE-2023-36563 | unknown | — | 1.5 | 3y ago | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-20109 | unknown | — | 1.5 | 3y ago | Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative cont… | |||
| CVE-2023-41763 | unknown | — | 1.5 | 3y ago | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21608 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | |||
| CVE-2023-42824 | unknown | — | 1.5 | 3y ago | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-28229 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. | |||
| CVE-2023-4211 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | |||
| CVE-2023-41991 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | |||
| CVE-2023-41992 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-41179 | unknown | — | 1.5 | 3y ago | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct r… | |||
| CVE-2023-26369 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | |||
| CVE-2023-20269 | unknown | — | 1.5 | 3y ago | Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an … | |||
| CVE-2023-35674 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36802 | unknown | — | 1.5 | 3y ago | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36761 | unknown | — | 1.5 | 3y ago | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-41061 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerabili… | |||
| CVE-2023-41064 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-… | |||
| CVE-2023-28434 | unknown | — | 1.5 | 3y ago | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `Post… | |||
| CVE-2023-27532 | unknown | — | 1.5 | 3y ago | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure… | |||
| CVE-2023-26359 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | |||
| CVE-2023-24489 | unknown | — | 1.5 | 3y ago | Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. | |||
| CVE-2023-35081 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can b… | |||
| CVE-2023-37580 | unknown | — | 1.5 | 3y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. | |||
| CVE-2023-38606 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | |||
| CVE-2023-35078 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with ac… | |||
| CVE-2023-29298 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-38205 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-36884 | unknown | — | 1.5 | 3y ago | Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code exe… | |||
| CVE-2023-32046 | unknown | — | 1.5 | 3y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-35311 | unknown | — | 1.5 | 3y ago | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | |||
| CVE-2023-32049 | unknown | — | 1.5 | 3y ago | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | |||
| CVE-2023-32434 | unknown | — | 1.5 | 3y ago | Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2023-27992 | unknown | — | 1.5 | 3y ago | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a craf… | |||
| CVE-2023-27997 | unknown | — | 1.5 | 3y ago | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted req… | |||
| CVE-2023-3079 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-33009 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to c… | |||
| CVE-2023-33010 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to … | |||
| CVE-2023-32409 | unknown | — | 1.5 | 3y ago | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote a… | |||
| CVE-2023-21492 | unknown | — | 1.5 | 3y ago | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space la… | |||
| CVE-2023-25717 | unknown | — | 1.5 | 3y ago | Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site … | |||
| CVE-2023-2136 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2023-2033 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-20963 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. | |||
| CVE-2023-29492 | unknown | — | 1.5 | 3y ago | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. | |||
| CVE-2023-28206 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | |||
| CVE-2023-26083 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | |||
| CVE-2023-24880 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | |||
| CVE-2023-23397 | unknown | — | 1.5 | 3y ago | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. | |||
| CVE-2023-23376 | unknown | — | 1.5 | 3y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21823 | unknown | — | 1.5 | 3y ago | Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21715 | unknown | — | 1.5 | 3y ago | Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system. | |||
| CVE-2023-21674 | unknown | — | 1.5 | 4y ago | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-27372 | unknown | — | 1.0 | — | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | |||
| CVE-2023-50386 | unknown | — | 1.0 | 2y ago | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | |||
| CVE-2023-48292 | unknown | — | 1.0 | 3y ago | Run Shell Command allows Cross-Site Request Forgery | |||
| CVE-2023-40315 | unknown | — | 1.0 | 3y ago | OpenNMS privilege escalation vulnerability | |||
| CVE-2023-0872 | unknown | — | 1.0 | 3y ago | OpenNMS privilege elevation vulnerability | |||
| CVE-2023-36812 | unknown | — | 1.0 | 3y ago | Remote Code Execution for 2.4.1 and earlier | |||
| CVE-2023-34468 | unknown | — | 1.0 | 3y ago | Apache NiFi vulnerable to Code Injection | |||
| CVE-2023-25826 | unknown | — | 1.0 | 3y ago | Command injection in OpenTSDB | |||
| CVE-2023-53799 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop_spawn expects to be called in process context. … | |||
| CVE-2023-54236 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/net_failover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failov… | |||
| CVE-2023-53240 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xsk: check IFF_UP earlier in Tx path Xsk Tx can be triggered via either sendmsg() or poll() syscalls. These two paths share a cal… | |||
| CVE-2023-53718 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpu_buffer during resize process When ring_buffer_swap_cpu was called during resize process, the cpu buf… | |||
| CVE-2023-53836 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix skb refcnt race after locking changes There is a race where skb's from the sk_psock_backlog can be referenced a… | |||
| CVE-2023-45322 | unknown | — | — | — | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these is… | |||
| CVE-2023-4764 | unknown | — | — | — | Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity… | |||
| CVE-2023-1821 | unknown | — | — | — | Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium… | |||
| CVE-2023-39742 | unknown | — | — | — | giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. | |||
| CVE-2023-45024 | unknown | — | — | — | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | |||
| CVE-2023-0045 | unknown | — | — | — | The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates … | |||
| CVE-2023-0030 | unknown | — | — | — | A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or… | |||
| CVE-2023-0160 | unknown | — | — | — | A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. |