CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24453 | unknown | — | — | 3y ago | Missing permission check in Jenkins TestQuality Updater Plugin | |||
| CVE-2023-24436 | unknown | — | — | 3y ago | Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs | |||
| CVE-2023-24446 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins OpenID Plugin | |||
| CVE-2023-24426 | unknown | — | — | 3y ago | Insufficient Session Expiration in Jenkins Azure AD Plugin | |||
| CVE-2023-24445 | unknown | — | — | 3y ago | Open redirect vulnerability in Jenkins OpenID Plugin | |||
| CVE-2023-24423 | unknown | — | — | 3y ago | Cross-site request forgery in Jenkins Gerrit Trigger Plugin | |||
| CVE-2023-24434 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin | |||
| CVE-2023-24444 | unknown | — | — | 3y ago | Session fixation vulnerability in Jenkins OpenID Plugin | |||
| CVE-2023-24441 | unknown | — | — | 3y ago | XML external entity vulnerability on agents in Jenkins MSTest Plugin | |||
| CVE-2023-24447 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin | |||
| CVE-2023-24455 | unknown | — | — | 3y ago | Path Traversal in Jenkins visualexpert Plugin | |||
| CVE-2023-24440 | unknown | — | — | 3y ago | Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24431 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs | |||
| CVE-2023-24439 | unknown | — | — | 3y ago | Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24449 | unknown | — | — | 3y ago | Path traversal vulnerability in Jenkins PWauth Security Realm Plugin | |||
| CVE-2023-24433 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Orka Plugin allow capturing credentials | |||
| CVE-2023-24424 | unknown | — | — | 3y ago | Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin | |||
| CVE-2023-24438 | unknown | — | — | 3y ago | Missing permissions check in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24425 | unknown | — | — | 3y ago | Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin | |||
| CVE-2023-24450 | unknown | — | — | 3y ago | Passwords stored in plain text by Jenkins view-cloner Plugin | |||
| CVE-2023-24430 | unknown | — | — | 3y ago | XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin | |||
| CVE-2023-24451 | unknown | — | — | 3y ago | Cisco Spark Notifier Jenkins Plugin contains Missing Authorization | |||
| CVE-2023-24435 | unknown | — | — | 3y ago | Missing permission checks in Jenkins GitHub Pull Request Builder Plugin | |||
| CVE-2023-24452 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins TestQuality Updater Plugin | |||
| CVE-2023-24458 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins BearyChat Plugin | |||
| CVE-2023-24457 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Keycloak Authentication Plugin | |||
| CVE-2023-24459 | unknown | — | — | 3y ago | Missing permission check in Jenkins BearyChat Plugin | |||
| CVE-2023-23613 | unknown | — | — | 3y ago | Field-level security issue with .keyword fields in OpenSearch | |||
| CVE-2023-23612 | unknown | — | — | 3y ago | Issue with whitespace in JWT roles in OpenSearch | |||
| CVE-2023-24057 | unknown | — | — | 3y ago | MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core` | |||
| CVE-2023-22742 | unknown | — | — | 3y ago | libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versio… | |||
| CVE-2023-22602 | unknown | — | — | 3y ago | Apache Shiro Interpretation Conflict vulnerability | |||
| CVE-2023-0091 | unknown | — | — | 3y ago | Keycloak has lack of validation of access token on client registrations endpoint | |||
| CVE-2023-22899 | unknown | — | — | 4y ago | Zip4j Origin Validation Error | |||
| CVE-2023-22465 | unknown | — | — | 4y ago | Http4s improperly parses User-Agent and Server headers | |||
| CVE-2023-22457 | unknown | — | — | 4y ago | XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery | |||
| CVE-2023-22466 | unknown | — | — | 4y ago | Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` … |