CVEs from 2023
Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41990 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | |||
| CVE-2023-38203 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-29300 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-7024 | unknown | — | 1.5 | 3y ago | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-49897 | unknown | — | 1.5 | 3y ago | FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-47565 | unknown | — | 1.5 | 3y ago | QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-6448 | unknown | — | 1.5 | 3y ago | Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. | |||
| CVE-2023-41266 | unknown | — | 1.5 | 3y ago | Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session c… | |||
| CVE-2023-41265 | unknown | — | 1.5 | 3y ago | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | |||
| CVE-2023-33063 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. | |||
| CVE-2023-33107 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||
| CVE-2023-33106 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_… | |||
| CVE-2023-6345 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chr… | |||
| CVE-2023-36584 | unknown | — | 1.5 | 3y ago | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | |||
| CVE-2023-36033 | unknown | — | 1.5 | 3y ago | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36036 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | |||
| CVE-2023-36025 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. | |||
| CVE-2023-36844 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. U… | |||
| CVE-2023-47246 | unknown | — | 1.5 | 3y ago | SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. | |||
| CVE-2023-36847 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system i… | |||
| CVE-2023-36846 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-36851 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-29552 | unknown | — | 1.5 | 3y ago | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a… | |||
| CVE-2023-46748 | unknown | — | 1.5 | 3y ago | F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to exe… | |||
| CVE-2023-5631 | unknown | — | 1.5 | 3y ago | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. | |||
| CVE-2023-20109 | unknown | — | 1.5 | 3y ago | Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative cont… | |||
| CVE-2023-36563 | unknown | — | 1.5 | 3y ago | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-41763 | unknown | — | 1.5 | 3y ago | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21608 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | |||
| CVE-2023-42824 | unknown | — | 1.5 | 3y ago | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-28229 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. | |||
| CVE-2023-4211 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | |||
| CVE-2023-41992 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-41991 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | |||
| CVE-2023-41179 | unknown | — | 1.5 | 3y ago | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct r… | |||
| CVE-2023-26369 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | |||
| CVE-2023-20269 | unknown | — | 1.5 | 3y ago | Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an … | |||
| CVE-2023-35674 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36761 | unknown | — | 1.5 | 3y ago | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-36802 | unknown | — | 1.5 | 3y ago | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-41061 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerabili… | |||
| CVE-2023-41064 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-… | |||
| CVE-2023-28434 | unknown | — | 1.5 | 3y ago | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `Post… | |||
| CVE-2023-27532 | unknown | — | 1.5 | 3y ago | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure… | |||
| CVE-2023-26359 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | |||
| CVE-2023-24489 | unknown | — | 1.5 | 3y ago | Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. | |||
| CVE-2023-35081 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can b… | |||
| CVE-2023-37580 | unknown | — | 1.5 | 3y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. | |||
| CVE-2023-38606 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | |||
| CVE-2023-35078 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with ac… | |||
| CVE-2023-38205 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-29298 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-36884 | unknown | — | 1.5 | 3y ago | Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code exe… | |||
| CVE-2023-32046 | unknown | — | 1.5 | 3y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-35311 | unknown | — | 1.5 | 3y ago | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | |||
| CVE-2023-32049 | unknown | — | 1.5 | 3y ago | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | |||
| CVE-2023-32434 | unknown | — | 1.5 | 3y ago | Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2023-27992 | unknown | — | 1.5 | 3y ago | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a craf… | |||
| CVE-2023-27997 | unknown | — | 1.5 | 3y ago | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted req… | |||
| CVE-2023-3079 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-33009 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to c… | |||
| CVE-2023-33010 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to … | |||
| CVE-2023-32409 | unknown | — | 1.5 | 3y ago | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote a… | |||
| CVE-2023-21492 | unknown | — | 1.5 | 3y ago | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space la… | |||
| CVE-2023-25717 | unknown | — | 1.5 | 3y ago | Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site … | |||
| CVE-2023-2136 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2023-2033 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-20963 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. | |||
| CVE-2023-29492 | unknown | — | 1.5 | 3y ago | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. | |||
| CVE-2023-28206 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | |||
| CVE-2023-26083 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | |||
| CVE-2023-24880 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | |||
| CVE-2023-23397 | unknown | — | 1.5 | 3y ago | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. | |||
| CVE-2023-21823 | unknown | — | 1.5 | 3y ago | Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21715 | unknown | — | 1.5 | 3y ago | Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system. | |||
| CVE-2023-23376 | unknown | — | 1.5 | 3y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21674 | unknown | — | 1.5 | 3y ago | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-27372 | unknown | — | 1.0 | — | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | |||
| CVE-2023-2640 | unknown | — | 1.0 | — | On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on th… | |||
| CVE-2023-32629 | unknown | — | 1.0 | — | Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | |||
| CVE-2023-50386 | unknown | — | 1.0 | 2y ago | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | |||
| CVE-2023-48292 | unknown | — | 1.0 | 3y ago | Run Shell Command allows Cross-Site Request Forgery | |||
| CVE-2023-40315 | unknown | — | 1.0 | 3y ago | OpenNMS privilege escalation vulnerability | |||
| CVE-2023-0872 | unknown | — | 1.0 | 3y ago | OpenNMS privilege elevation vulnerability | |||
| CVE-2023-36812 | unknown | — | 1.0 | 3y ago | Remote Code Execution for 2.4.1 and earlier | |||
| CVE-2023-34468 | unknown | — | 1.0 | 3y ago | Apache NiFi vulnerable to Code Injection | |||
| CVE-2023-25826 | unknown | — | 1.0 | 3y ago | Command injection in OpenTSDB | |||
| CVE-2023-52998 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: fec: Use page_pool_put_full_page when freeing rx buffers The page_pool_release_page was used when freeing rx buffers, and th… | |||
| CVE-2023-29543 | unknown | — | — | — | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, F… | |||
| CVE-2023-52936 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() cal… | |||
| CVE-2023-52995 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: Fix instruction simulation of JALR Set kprobe at 'jalr 1140(ra)' of vfs_write results in the following crash: [ … | |||
| CVE-2023-52996 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type) continue; if (type > RTAX_MAX) re… | |||
| CVE-2023-53003 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info The memory for llcc_driv_data is allocated by the LLCC d… | |||
| CVE-2023-53008 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might … | |||
| CVE-2023-53054 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routi… | |||
| CVE-2023-53055 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after security_sb_delete() fscrypt_destroy_keyring() must be called after all potentially-encrypted inod… | |||
| CVE-2023-52983 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bic_set_bfqq() After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"), bic->b… | |||
| CVE-2023-53061 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix this by addi… | |||
| CVE-2023-53062 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket … | |||
| CVE-2023-52916 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is… |