CVEs from 2023
Total
6,102
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0801 | medium | — | 5.5 | 3y ago | RHSA-2023:5353: libtiff security update (Moderate) | |||
| CVE-2023-0799 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-28466 | medium | — | 5.5 | 3y ago | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | |||
| CVE-2023-0464 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-2700 | medium | — | 5.5 | 3y ago | RHSA-2023:3822: virt:rhel and virt-devel:rhel security and bug fix update (Moderate) | |||
| CVE-2023-0804 | medium | — | 5.5 | 3y ago | RHSA-2023:5353: libtiff security update (Moderate) | |||
| CVE-2023-0796 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-0798 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-0795 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-24538 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24539 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24540 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24537 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-29400 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24536 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24534 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-25563 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25565 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25564 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25566 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25567 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-0664 | medium | — | 5.5 | 3y ago | A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their p… | |||
| CVE-2023-30775 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-30774 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-30086 | medium | — | 5.5 | 3y ago | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. | |||
| CVE-2023-23936 | medium | — | 5.5 | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-24807 | medium | — | 5.5 | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-52340 | medium | — | 5.5 | 3y ago | The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when… | |||
| CVE-2023-23009 | medium | — | 5.5 | 3y ago | RHSA-2023:3095: libreswan security and bug fix update (Moderate) | |||
| CVE-2023-23919 | medium | — | 5.5 | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-1017 | medium | — | 5.5 | 3y ago | Moderate: libtpms security update | |||
| CVE-2023-1018 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-27535 | medium | — | 5.5 | 3y ago | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created con… | |||
| CVE-2023-23916 | medium | — | 5.5 | 3y ago | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed mult… | |||
| CVE-2023-0056 | medium | — | 5.5 | 3y ago | Moderate: haproxy security update | |||
| CVE-2023-25725 | medium | — | 5.5 | 3y ago | Moderate: haproxy security update | |||
| CVE-2023-28756 | medium | — | 5.5 | 3y ago | RHSA-2024:3500: ruby:3.0 security update (Moderate) | |||
| CVE-2023-28755 | medium | — | 5.5 | 3y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2023-0778 | medium | — | 5.5 | 3y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2023-23391 | medium | 5.5 | 5.5 | 3y ago | Office for Android Spoofing Vulnerability | |||
| CVE-2023-27539 | medium | — | 5.5 | 3y ago | RHSA-2023:3082: pcs security and bug fix update (Moderate) | |||
| CVE-2023-0361 | medium | — | 5.5 | 3y ago | Moderate: gnutls security and bug fix update | |||
| CVE-2023-27530 | medium | — | 5.5 | 3y ago | RHSA-2023:3082: pcs security and bug fix update (Moderate) | |||
| CVE-2023-0216 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0494 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write … | |||
| CVE-2023-0217 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0401 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-21843 | medium | — | 5.5 | 3y ago | RHSA-2023:0208: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-21538 | medium | — | 5.5 | 3y ago | RHSA-2023:0079: .NET 6.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-4387 | medium | — | 5.5 | 4y ago | A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to… | |||
| CVE-2023-53181 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc() failure Currently dma_resv_get_fences() will leak the previously allocated array if … | |||
| CVE-2023-28410 | medium | — | 5.5 | 4y ago | Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially en… | |||
| CVE-2023-2008 | medium | — | 5.5 | 4y ago | A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can re… | |||
| CVE-2023-21950 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-30441 | medium | — | 5.5 | 4y ago | RHSA-2022:6735: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2023-21866 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-21872 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-30059 | medium | 5.4 | 5.4 | 25d ago | An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. | |||
| CVE-2023-32238 | medium | 5.4 | 5.4 | 5mo ago | Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | |||
| CVE-2023-25445 | medium | 5.4 | 5.4 | 6mo ago | Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1. | |||
| CVE-2023-23729 | medium | 5.4 | 5.4 | 6mo ago | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. | |||
| CVE-2023-32240 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1. | |||
| CVE-2023-47661 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from … | |||
| CVE-2023-47225 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through <= 1.6… | |||
| CVE-2023-47187 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rota… | |||
| CVE-2023-46633 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2. | |||
| CVE-2023-46616 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15. | |||
| CVE-2023-46607 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from … | |||
| CVE-2023-46079 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9. | |||
| CVE-2023-45828 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… | |||
| CVE-2023-45636 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPr… | |||
| CVE-2023-45631 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gal… | |||
| CVE-2023-45045 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget … | |||
| CVE-2023-44142 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: f… | |||
| CVE-2023-41857 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Click To Tweet: from n/a through 2.0.… | |||
| CVE-2023-41688 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFol… | |||
| CVE-2023-41683 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11. | |||
| CVE-2023-41671 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in tychesoftwares Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2023-40678 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through … | |||
| CVE-2023-40011 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from … | |||
| CVE-2023-38483 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4. | |||
| CVE-2023-38383 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1. | |||
| CVE-2023-37989 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shi… | |||
| CVE-2023-36680 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Regenerate & Select … | |||
| CVE-2023-36526 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplica… | |||
| CVE-2023-36519 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SW Product Bundles: from n/a through 2.0… | |||
| CVE-2023-36509 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a … | |||
| CVE-2023-35046 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for E… | |||
| CVE-2023-34376 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerc… | |||
| CVE-2023-34014 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2. | |||
| CVE-2023-33215 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3. | |||
| CVE-2023-32601 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a throu… | |||
| CVE-2023-32593 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a thro… | |||
| CVE-2023-32581 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from … | |||
| CVE-2023-50899 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects … | |||
| CVE-2023-49757 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from … | |||
| CVE-2023-49755 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in B.M. Rafiul Alam Elementor Timeline Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Timeline Widget:… | |||
| CVE-2023-48776 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from… | |||
| CVE-2023-48774 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a. | |||
| CVE-2023-48324 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from … |