CVEs from 2023
- Total: 6,091
- Critical: 240
- High: 1,530
- Medium: 1,393
- Low: 32
- % Critical: 3.9%
- % with KEV: 2.7%
- % with exploit: 3.5%

Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-53423 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in create_static_call_sections() strdup() allocates memory for key_name. We need to release the memory i… | |||
| CVE-2023-53428 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powercap: arm_scmi: Remove recursion while parsing zones Powercap zones can be defined as arranged in a hierarchy of trees and wh… | |||
| CVE-2023-6510 | unknown | — | — | — | Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via … | |||
| CVE-2023-53668 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading trace_pipe Soft lockup occurs when reading file 'trace_pipe': watchdog: BUG: soft l… | |||
| CVE-2023-32247 | unknown | — | — | — | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of … | |||
| CVE-2023-53429 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: don't check PageError in __extent_writepage __extent_writepage currently sets PageError whenever any error happens, and the… | |||
| CVE-2023-1816 | unknown | — | — | — | Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security se… | |||
| CVE-2023-53432 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnet_finish_incoming_packet() The netif_rx() function frees the skb so we can't dereference… | |||
| CVE-2023-53434 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores The IRAM is part of the HiFi DSP. According t… | |||
| CVE-2023-53435 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cassini: Fix a memory leak in the error handling path of cas_init_one() cas_saturn_firmware_init() allocates some memory using vm… | |||
| CVE-2023-53658 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the… | |||
| CVE-2023-53650 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() If 'mipid_detect()' fails, we must free 'md' to avoid a… | |||
| CVE-2023-5344 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | |||
| CVE-2023-2460 | unknown | — | — | — | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks… | |||
| CVE-2023-52906 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has … | |||
| CVE-2023-53631 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-sysman: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attrib… | |||
| CVE-2023-53468 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in alloc_wbufs() kmemleak reported a sequence of memory leaks, and show them as following: unreferenced… | |||
| CVE-2023-53445 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg() Syzbot reported a bug as following: refcount_t: addition on 0; use-after-free. .… | |||
| CVE-2023-53454 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device … | |||
| CVE-2023-51766 | unknown | — | — | 4d ago | Exim vulnerabilities | |||
| CVE-2023-53520 | unknown | — | — | 16d ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2023-54207 | unknown | — | — | 16d ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2023-31722 | unknown | — | — | 1mo ago | NASM vulnerabilities | |||
| CVE-2023-49937 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-41914 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-49938 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-49933 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-1289 | unknown | — | — | 3mo ago | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file … | |||
| CVE-2023-54164 | unknown | — | — | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operat… | |||
| CVE-2023-54130 | unknown | — | — | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit… | |||
| CVE-2023-38693 | unknown | — | — | 1y ago | Lucee RCE/XXE Vulnerability | |||
| CVE-2023-25574 | unknown | — | — | 1y ago | LTI JupyterHub Authenticator does not properly validate JWT Signature | |||
| CVE-2023-0482 | unknown | — | — | 1y ago | Insecure Temporary File in RESTEasy | |||
| CVE-2023-37940 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page | |||
| CVE-2023-1419 | unknown | — | — | 2y ago | Debezium database connector has a script injection vulnerability | |||
| CVE-2023-4639 | unknown | — | — | 2y ago | Undertow incorrectly parses cookies | |||
| CVE-2023-1973 | unknown | — | — | 2y ago | Undertow Denial of Service vulnerability | |||
| CVE-2023-1932 | unknown | — | — | 2y ago | hibernate-validator Cross-site Scripting vulnerability | |||
| CVE-2023-50780 | unknown | — | — | 2y ago | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | |||
| CVE-2023-25581 | unknown | — | — | 2y ago | pac4j-core affected by a Java deserialization vulnerability | |||
| CVE-2023-30464 | unknown | — | — | 2y ago | CoreDNS Cache Poisoning via a birthday attack | |||
| CVE-2023-6841 | unknown | — | — | 2y ago | Keycloak Denial of Service vulnerability | |||
| CVE-2023-49198 | unknown | — | — | 2y ago | Apache SeaTunnel SQL Injection vulnerability | |||
| CVE-2023-42809 | unknown | — | — | 2y ago | Redisson vulnerable to Deserialization of Untrusted Data | |||
| CVE-2023-45146 | unknown | — | — | 2y ago | XXL-RPC Deserialization of Untrusted Data vulnerability | |||
| CVE-2023-28857 | unknown | — | — | 2y ago | Apereo CAS vulnerable to credential leaks for LDAP authentication | |||
| CVE-2023-48396 | unknown | — | — | 2y ago | Apache SeaTunnel Web Authentication vulnerability | |||
| CVE-2023-49921 | unknown | — | — | 2y ago | Elasticsearch Insertion of Sensitive Information into Log File | |||
| CVE-2023-48362 | unknown | — | — | 2y ago | XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill | |||
| CVE-2023-7272 | unknown | — | — | 2y ago | Eclipse Parsson stack overflow when parsing deeply nested input | |||
| CVE-2023-52291 | unknown | — | — | 2y ago | Apache StreamPark: Unchecked maven build params could trigger remote command execution | |||
| CVE-2023-49566 | unknown | — | — | 2y ago | Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability | |||
| CVE-2023-46801 | unknown | — | — | 2y ago | Apache Linkis DataSource remote code execution vulnerability | |||
| CVE-2023-41916 | unknown | — | — | 2y ago | Apache Linkis DataSource allows arbitrary file reading | |||
| CVE-2023-46442 | unknown | — | — | 2y ago | Soot Infinite Loop vulnerability | |||
| CVE-2023-35701 | unknown | — | — | 2y ago | Apache Hive Code Injection vulnerability | |||
| CVE-2023-46565 | unknown | — | — | 2y ago | Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go. | |||
| CVE-2023-0657 | unknown | — | — | 2y ago | Keycloak vulnerable to impersonation via logout token exchange | |||
| CVE-2023-6787 | unknown | — | — | 2y ago | Keycloak vulnerable to session hijacking via re-authentication | |||
| CVE-2023-6484 | unknown | — | — | 2y ago | Keycloak vulnerable to log Injection during WebAuthn authentication or registration | |||
| CVE-2023-6544 | unknown | — | — | 2y ago | Keycloak Authorization Bypass vulnerability | |||
| CVE-2023-3597 | unknown | — | — | 2y ago | Keycloak secondary factor bypass in step-up authentication | |||
| CVE-2023-6236 | unknown | — | — | 2y ago | WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log | |||
| CVE-2023-5685 | unknown | — | — | 2y ago | XNIO denial of service vulnerability | |||
| CVE-2023-51445 | unknown | — | — | 2y ago | Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API | |||
| CVE-2023-51444 | unknown | — | — | 2y ago | Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API | |||
| CVE-2023-41877 | unknown | — | — | 2y ago | GeoServer log file path traversal vulnerability | |||
| CVE-2023-50740 | unknown | — | — | 2y ago | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged | |||
| CVE-2023-50378 | unknown | — | — | 2y ago | Apache Ambari: Various Cross site scripting problems | |||
| CVE-2023-51775 | unknown | — | — | 2y ago | jose4j denial of service via specifically crafted JWE | |||
| CVE-2023-45859 | unknown | — | — | 2y ago | Missing permission checks on Hazelcast client protocol | |||
| CVE-2023-50380 | unknown | — | — | 2y ago | Apache Ambari XML External Entity injection | |||
| CVE-2023-51747 | unknown | — | — | 2y ago | SMTP smuggling in Apache James | |||
| CVE-2023-51518 | unknown | — | — | 2y ago | Apache James server: Privilege escalation via JMX pre-authentication deserialization | |||
| CVE-2023-50379 | unknown | — | — | 2y ago | Apache Ambari: authenticated users could perform command injection to perform RCE | |||
| CVE-2023-47795 | unknown | — | — | 2y ago | Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | |||
| CVE-2023-40191 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-42498 | unknown | — | — | 2y ago | Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-42496 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-49250 | unknown | — | — | 2y ago | Improper Certificate Validation in Apache DolphinScheduler | |||
| CVE-2023-51770 | unknown | — | — | 2y ago | Arbitrary File Read Vulnerability in Apache Dolphinscheduler | |||
| CVE-2023-50270 | unknown | — | — | 2y ago | Session Fixation Apache DolphinScheduler | |||
| CVE-2023-49109 | unknown | — | — | 2y ago | Remote Code Execution in Apache Dolphinscheduler | |||
| CVE-2023-44308 | unknown | — | — | 2y ago | Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page | |||
| CVE-2023-5190 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page | |||
| CVE-2023-45860 | unknown | — | — | 2y ago | Hazelcast Platform permission checking in CSV File Source connector | |||
| CVE-2023-52428 | unknown | — | — | 2y ago | Denial of Service in Connect2id Nimbus JOSE+JWT | |||
| CVE-2023-50292 | unknown | — | — | 2y ago | Apache Solr Schema Designer blindly "trusts" all configsets | |||
| CVE-2023-50291 | unknown | — | — | 2y ago | Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies | |||
| CVE-2023-50298 | unknown | — | — | 2y ago | Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds | |||
| CVE-2023-47798 | unknown | — | — | 2y ago | Liferay Portal's account lockout does not invalidate existing user sessions | |||
| CVE-2023-39196 | unknown | — | — | 2y ago | Apache Ozone Improper Authentication vulnerability | |||
| CVE-2023-51437 | unknown | — | — | 2y ago | Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability | |||
| CVE-2023-34042 | unknown | — | — | 2y ago | Spring Security's spring-security.xsd file is world writable | |||
| CVE-2023-51982 | unknown | — | — | 2y ago | CrateDB authentication bypass vulnerability | |||
| CVE-2023-29055 | unknown | — | — | 2y ago | Apache Kylin has Insufficiently Protected Credentials | |||
| CVE-2023-6267 | unknown | — | — | 2y ago | Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability | |||
| CVE-2023-6927 | unknown | — | — | 2y ago | keycloak-core: open redirect via "form_post.jwt" JARM response mode | |||
| CVE-2023-51282 | unknown | — | — | 2y ago | Code injection in mingSoft MCMS | |||
| CVE-2023-46226 | unknown | — | — | 2y ago | Remote Code Execution vulnerability in Apache IoTDB via UDF |