CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6548 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. | |||
| CVE-2023-6549 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or… | |||
| CVE-2023-29300 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-41990 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | |||
| CVE-2023-38203 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-7024 | unknown | — | 1.5 | 3y ago | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-49897 | unknown | — | 1.5 | 3y ago | FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-47565 | unknown | — | 1.5 | 3y ago | QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-6448 | unknown | — | 1.5 | 3y ago | Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. | |||
| CVE-2023-41266 | unknown | — | 1.5 | 3y ago | Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session c… | |||
| CVE-2023-41265 | unknown | — | 1.5 | 3y ago | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | |||
| CVE-2023-33106 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_… | |||
| CVE-2023-33107 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||
| CVE-2023-33063 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. | |||
| CVE-2023-6345 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chr… | |||
| CVE-2023-36584 | unknown | — | 1.5 | 3y ago | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | |||
| CVE-2023-36033 | unknown | — | 1.5 | 3y ago | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36036 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | |||
| CVE-2023-36025 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. | |||
| CVE-2023-36846 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-36851 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-47246 | unknown | — | 1.5 | 3y ago | SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. | |||
| CVE-2023-36844 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. U… | |||
| CVE-2023-36847 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system i… | |||
| CVE-2023-29552 | unknown | — | 1.5 | 3y ago | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a… | |||
| CVE-2023-46748 | unknown | — | 1.5 | 3y ago | F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to exe… | |||
| CVE-2023-5631 | unknown | — | 1.5 | 3y ago | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. | |||
| CVE-2023-41763 | unknown | — | 1.5 | 3y ago | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-20109 | unknown | — | 1.5 | 3y ago | Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative cont… | |||
| CVE-2023-21608 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | |||
| CVE-2023-36563 | unknown | — | 1.5 | 3y ago | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-42824 | unknown | — | 1.5 | 3y ago | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-28229 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. | |||
| CVE-2023-4211 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | |||
| CVE-2023-41992 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-41991 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | |||
| CVE-2023-41179 | unknown | — | 1.5 | 3y ago | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct r… | |||
| CVE-2023-26369 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | |||
| CVE-2023-20269 | unknown | — | 1.5 | 3y ago | Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an … | |||
| CVE-2023-35674 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36802 | unknown | — | 1.5 | 3y ago | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36761 | unknown | — | 1.5 | 3y ago | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-41064 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-… | |||
| CVE-2023-41061 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerabili… | |||
| CVE-2023-28434 | unknown | — | 1.5 | 3y ago | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `Post… | |||
| CVE-2023-27532 | unknown | — | 1.5 | 3y ago | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure… | |||
| CVE-2023-26359 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | |||
| CVE-2023-24489 | unknown | — | 1.5 | 3y ago | Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. | |||
| CVE-2023-35081 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can b… | |||
| CVE-2023-37580 | unknown | — | 1.5 | 3y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. | |||
| CVE-2023-38606 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | |||
| CVE-2023-35078 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with ac… | |||
| CVE-2023-38205 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-29298 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-36884 | unknown | — | 1.5 | 3y ago | Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code exe… | |||
| CVE-2023-35311 | unknown | — | 1.5 | 3y ago | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | |||
| CVE-2023-32046 | unknown | — | 1.5 | 3y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-32049 | unknown | — | 1.5 | 3y ago | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | |||
| CVE-2023-27992 | unknown | — | 1.5 | 3y ago | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a craf… | |||
| CVE-2023-32434 | unknown | — | 1.5 | 3y ago | Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2023-27997 | unknown | — | 1.5 | 3y ago | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted req… | |||
| CVE-2023-3079 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-33010 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to … | |||
| CVE-2023-33009 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to c… | |||
| CVE-2023-32409 | unknown | — | 1.5 | 3y ago | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote a… | |||
| CVE-2023-21492 | unknown | — | 1.5 | 3y ago | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space la… | |||
| CVE-2023-25717 | unknown | — | 1.5 | 3y ago | Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site … | |||
| CVE-2023-2136 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2023-2033 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-29492 | unknown | — | 1.5 | 3y ago | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. | |||
| CVE-2023-20963 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. | |||
| CVE-2023-28206 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | |||
| CVE-2023-26083 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | |||
| CVE-2023-24880 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | |||
| CVE-2023-23397 | unknown | — | 1.5 | 3y ago | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. | |||
| CVE-2023-23376 | unknown | — | 1.5 | 3y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21715 | unknown | — | 1.5 | 3y ago | Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system. | |||
| CVE-2023-21823 | unknown | — | 1.5 | 3y ago | Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21674 | unknown | — | 1.5 | 4y ago | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-27372 | unknown | — | 1.0 | — | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | |||
| CVE-2023-50386 | unknown | — | 1.0 | 2y ago | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | |||
| CVE-2023-48292 | unknown | — | 1.0 | 3y ago | Run Shell Command allows Cross-Site Request Forgery | |||
| CVE-2023-40315 | unknown | — | 1.0 | 3y ago | OpenNMS privilege escalation vulnerability | |||
| CVE-2023-0872 | unknown | — | 1.0 | 3y ago | OpenNMS privilege elevation vulnerability | |||
| CVE-2023-36812 | unknown | — | 1.0 | 3y ago | Remote Code Execution for 2.4.1 and earlier | |||
| CVE-2023-34468 | unknown | — | 1.0 | 3y ago | Apache NiFi vulnerable to Code Injection | |||
| CVE-2023-25826 | unknown | — | 1.0 | 3y ago | Command injection in OpenTSDB | |||
| CVE-2023-53035 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metad… | |||
| CVE-2023-53681 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent In some specific situations, the return value of __bch… | |||
| CVE-2023-5856 | unknown | — | — | — | Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a cra… | |||
| CVE-2023-53011 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: enable all safety features by default In the original implementation of dwmac5 commit 8bf993a5877e ("net: stmmac: Ad… | |||
| CVE-2023-5996 | unknown | — | — | — | Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-6111 | unknown | — | — | — | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catc… | |||
| CVE-2023-52468 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register() The lock_class_key is still registered and can be found in lock_keys_hash hlist aft… | |||
| CVE-2023-52460 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr.… | |||
| CVE-2023-52461 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drm_sched_entity_init()--should… | |||
| CVE-2023-40360 | unknown | — | — | — | QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Pla… | |||
| CVE-2023-37203 | unknown | — | — | — | Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could ha… | |||
| CVE-2023-42116 | unknown | — | — | — | Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentica… | |||
| CVE-2023-35828 | unknown | — | — | — | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. |