VIR Vulnerability Intelligence Relay

CVEs from 2023

6,091 normalized CVEs published or assigned in this year.

Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • ftmg-esr50sxx 8
  • ftmg-esn40sxx 8
  • ftmg-esd25axx 8
  • ftmg-esr40sxx 8
  • ftmg-esd15axx 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-2631 unknown 3y ago Jenkins Code Dx Plugin missing permission checks
CVE-2023-2195 unknown 3y ago Jenkins Code Dx Plugin cross-site request forgery vulnerability
CVE-2023-33006 unknown 3y ago Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
CVE-2023-32992 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
CVE-2023-33004 unknown 3y ago Jenkins Tag Profiler Plugin missing permission check
CVE-2023-32995 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
CVE-2023-32978 unknown 3y ago Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery
CVE-2023-32977 unknown 3y ago Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
CVE-2023-2632 unknown 3y ago Jenkins Code Dx Plugin stores API keys in plain text
CVE-2023-33000 unknown 3y ago Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
CVE-2023-32988 unknown 3y ago Jenkins Azure VM Agents Plugin missing permission checks
CVE-2023-32997 unknown 3y ago Jenkins CAS Plugin Session Fixation vulnerability
CVE-2023-33003 unknown 3y ago Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
CVE-2023-32980 unknown 3y ago Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
CVE-2023-32994 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation
CVE-2023-2196 unknown 3y ago Jenkins Code Dx Plugin missing permission checks
CVE-2023-32983 unknown 3y ago Jenkins Ansible Plugin job configuration form does not mask variables
CVE-2023-32987 unknown 3y ago Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
CVE-2023-32990 unknown 3y ago Jenkins Azure VM Agents Plugin missing permission checks
CVE-2023-33007 unknown 3y ago Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability
CVE-2023-32998 unknown 3y ago Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability
CVE-2023-32996 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
CVE-2023-32993 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
CVE-2023-32982 unknown 3y ago Jenkins Ansible Plugin stores and displays secrets in plain text
CVE-2023-32979 unknown 3y ago Jenkins Email Extension Plugin missing permission check
CVE-2023-32981 unknown 3y ago Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
CVE-2023-2633 unknown 3y ago Jenkins Code Dx Plugin displays API keys in plain text
CVE-2023-33002 unknown 3y ago TestComplete support Plugin vulnerable to stored Cross-site Scripting
CVE-2023-32991 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
CVE-2023-33005 unknown 3y ago Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
CVE-2023-33001 unknown 3y ago Jenkins HashiCorp Vault Plugin has improper masking of credentials
CVE-2023-32989 unknown 3y ago Jenkins Azure VM Agents Plugin Cross-site Request Forgery vulnerability
CVE-2023-32999 unknown 3y ago Jenkins AppSpider Plugin missing permission check
CVE-2023-32986 unknown 3y ago Jenkins File Parameter Plugin arbitrary file write vulnerability
CVE-2023-32985 unknown 3y ago Jenkins Sidebar Link Plugin vulnerable to Path Traversal
CVE-2023-32984 unknown 3y ago Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability
CVE-2023-31890 unknown 3y ago glazedlists XML Deserialization vulnerability
CVE-2023-53160 unknown 3y ago The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.
CVE-2023-32068 unknown 3y ago org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability
CVE-2023-32081 unknown 3y ago Vert.x STOMP server process client frames that would not send initially a connect frame
CVE-2023-32082 unknown 3y ago etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease wh…
CVE-2023-29032 unknown 3y ago Apache OpenMeetings Improper Authentication vulnerability
CVE-2023-29246 unknown 3y ago Apache OpenMeetings vulnerable to remote code execution via null-bye injection
CVE-2023-32070 unknown 3y ago Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
CVE-2023-32069 unknown 3y ago Privilege escalation (PR)/RCE from account through class sheet
CVE-2023-31141 unknown 3y ago OpenSearch issue with fine-grained access control during extremely rare race conditions
CVE-2023-31126 unknown 3y ago Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
CVE-2023-32071 unknown 3y ago XWiki Platform vulnerable to RXSS via editor parameter - importinline template
CVE-2023-30093 unknown 3y ago ONOS vulnerable to Cross-site Scripting
CVE-2023-30331 unknown 3y ago Server-side template injection in beetl
CVE-2023-30551 unknown 3y ago Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory witho…
CVE-2023-25827 unknown 3y ago Cross Site Scripting in OpenTSDB
CVE-2023-32007 unknown 3y ago Apache Spark UI vulnerable to Command Injection
CVE-2023-29471 unknown 3y ago Lightbend Alpakka Kafka logs credentials on debug level
CVE-2023-30349 unknown 3y ago Remote code execution in JFinal CMS
CVE-2023-22665 unknown 3y ago Arbitrary javascript injection in Apache Jena
CVE-2023-29924 unknown 3y ago PowerJob vulnerable to incorrect access control
CVE-2023-1892 unknown 3y ago Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.
CVE-2023-29525 unknown 3y ago XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
CVE-2023-29527 unknown 3y ago XWiki Platform vulnerable to code injection from account through AWM view sheet
CVE-2023-29526 unknown 3y ago XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
CVE-2023-29524 unknown 3y ago XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
CVE-2023-29523 unknown 3y ago XWiki Platform vulnerable to code injection in display method used in user profiles
CVE-2023-29522 unknown 3y ago XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
CVE-2023-29521 unknown 3y ago XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
CVE-2023-29520 unknown 3y ago XWiki Platform vulnerable to page render failure due to broken translations
CVE-2023-29519 unknown 3y ago org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
CVE-2023-29518 unknown 3y ago XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
CVE-2023-29517 unknown 3y ago Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
CVE-2023-29516 unknown 3y ago XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
CVE-2023-29515 unknown 3y ago XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
CVE-2023-29514 unknown 3y ago XWiki vulnerable to Code Injection in template provider administration
CVE-2023-29513 unknown 3y ago xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
CVE-2023-29512 unknown 3y ago xwiki-platform-web-templates vulnerable to Eval Injection
CVE-2023-20873 unknown 3y ago Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
CVE-2023-29528 unknown 3y ago Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
CVE-2023-25601 unknown 3y ago Apache DolphinScheduler's python gateway suffered from improper authentication
CVE-2023-29926 unknown 3y ago PowerJob vulnerable to remote code execution
CVE-2023-29922 unknown 3y ago PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
CVE-2023-20862 unknown 3y ago Spring Security logout not clearing security context
CVE-2023-29510 unknown 3y ago Code injection via unescaped translations in xwiki-platform
CVE-2023-29197 unknown 3y ago guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names a…
CVE-2023-26048 unknown 3y ago OutOfMemoryError for large multipart without filename in Eclipse Jetty
CVE-2023-29923 unknown 3y ago PowerJob vulnerable to Insecure Permissions
CVE-2023-29921 unknown 3y ago PowerJob Incorrect Access Control vulnerability
CVE-2023-26049 unknown 3y ago Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
CVE-2023-24831 unknown 3y ago Apache IoTDB Grafana Connector vulnerable to Improper Authentication
CVE-2023-22946 unknown 3y ago Apache Spark vulnerable to Improper Privilege Management
CVE-2023-30535 unknown 3y ago Snowflake JDBC vulnerable to command injection via SSO URL authentication
CVE-2023-20866 unknown 3y ago Spring Session session ID can be logged to the standard output stream
CVE-2023-20863 unknown 3y ago Spring Framework vulnerable to denial of service
CVE-2023-29207 unknown 3y ago Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
CVE-2023-29203 unknown 3y ago Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
CVE-2023-29206 unknown 3y ago org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins
CVE-2023-29205 unknown 3y ago org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
CVE-2023-29204 unknown 3y ago org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability
CVE-2023-29202 unknown 3y ago org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
CVE-2023-29201 unknown 3y ago org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
CVE-2023-29511 unknown 3y ago xwiki-platform-administration-ui vulnerable to privilege escalation
CVE-2023-30537 unknown 3y ago org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation