CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-25745 | unknown | — | — | — | Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2023-29534 | unknown | — | — | — | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects F… | |||
| CVE-2023-49060 | unknown | — | — | — | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. | |||
| CVE-2023-5172 | unknown | — | — | — | A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. | |||
| CVE-2023-5758 | unknown | — | — | — | When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for i… | |||
| CVE-2023-6866 | unknown | — | — | — | TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. | |||
| CVE-2023-6868 | unknown | — | — | — | In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthori… | |||
| CVE-2023-54281 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget(… | |||
| CVE-2023-1823 | unknown | — | — | — | Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2023-1224 | unknown | — | — | — | Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev… | |||
| CVE-2023-1534 | unknown | — | — | — | Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.… | |||
| CVE-2023-1818 | unknown | — | — | — | Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2023-4072 | unknown | — | — | — | Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2023-4909 | unknown | — | — | — | Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2023-6346 | unknown | — | — | — | Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-0054 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. | |||
| CVE-2023-5480 | unknown | — | — | — | Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) | |||
| CVE-2023-0288 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. | |||
| CVE-2023-0049 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. | |||
| CVE-2023-1127 | unknown | — | — | — | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | |||
| CVE-2023-1170 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | |||
| CVE-2023-5851 | unknown | — | — | — | Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2023-0051 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. | |||
| CVE-2023-0433 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | |||
| CVE-2023-1175 | unknown | — | — | — | Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | |||
| CVE-2023-5859 | unknown | — | — | — | Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: L… | |||
| CVE-2023-6112 | unknown | — | — | — | Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-6350 | unknown | — | — | — | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) | |||
| CVE-2023-1264 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | |||
| CVE-2023-2610 | unknown | — | — | — | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. | |||
| CVE-2023-3896 | unknown | — | — | — | Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 | |||
| CVE-2023-2426 | unknown | — | — | — | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | |||
| CVE-2023-2609 | unknown | — | — | — | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. | |||
| CVE-2023-46246 | unknown | — | — | — | Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file… | |||
| CVE-2023-4738 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | |||
| CVE-2023-4733 | unknown | — | — | — | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | |||
| CVE-2023-2905 | unknown | — | — | — | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a hea… | |||
| CVE-2023-34188 | unknown | — | — | — | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the s… | |||
| CVE-2023-29544 | unknown | — | — | — | If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects … | |||
| CVE-2023-54236 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/net_failover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failov… | |||
| CVE-2023-4052 | unknown | — | — | — | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling … | |||
| CVE-2023-28862 | unknown | — | — | — | An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verifi… | |||
| CVE-2023-44469 | unknown | — | — | — | A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri au… | |||
| CVE-2023-49061 | unknown | — | — | — | An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | |||
| CVE-2023-5174 | unknown | — | — | — | If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *Thi… | |||
| CVE-2023-6211 | unknown | — | — | — | If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if … | |||
| CVE-2023-49355 | unknown | — | — | — | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 ref… | |||
| CVE-2023-50246 | unknown | — | — | — | jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue. | |||
| CVE-2023-52722 | unknown | — | — | — | An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. | |||
| CVE-2023-1523 | unknown | — | — | — | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the sna… | |||
| CVE-2023-4421 | unknown | — | — | — | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted m… | |||
| CVE-2023-4582 | unknown | — | — | — | Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Fire… | |||
| CVE-2023-5175 | unknown | — | — | — | During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulne… | |||
| CVE-2023-5722 | unknown | — | — | — | Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. | |||
| CVE-2023-5723 | unknown | — | — | — | An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Fire… | |||
| CVE-2023-52889 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets … | |||
| CVE-2023-5729 | unknown | — | — | — | A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing atta… | |||
| CVE-2023-52885 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the… | |||
| CVE-2023-5727 | unknown | — | — | — | The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows… | |||
| CVE-2023-5341 | unknown | — | — | — | A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | |||
| CVE-2023-54127 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ===================… | |||
| CVE-2023-54288 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211_tx_dequeue() there is a particular l… | |||
| CVE-2023-4135 | unknown | — | — | — | A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is u… | |||
| CVE-2023-53851 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe defer… | |||
| CVE-2023-53853 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk->cb_running Both netlink_recvmsg() and netlink_native_seq_show() read nlk->cb_running locklessl… | |||
| CVE-2023-53987 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp. After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"),… | |||
| CVE-2023-53862 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: hfs: fix missing hfs_bnode_get() in __hfs_bnode_create Syzbot found a kernel BUG in hfs_bnode_put(): kernel BUG at fs/hfs/bnode… | |||
| CVE-2023-53865 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix warning when putting transaction with qgroups enabled after abort If we have a transaction abort with qgroups enabled … | |||
| CVE-2023-54067 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the… | |||
| CVE-2023-54078 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: max9286: Free control handler The control handler is leaked in some probe-time error paths, as well as in the remove path.… | |||
| CVE-2023-54086 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preemp… | |||
| CVE-2023-54081 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. … | |||
| CVE-2023-54140 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported… | |||
| CVE-2023-54142 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy(). syzkaller reported use-after-free in __gtp_encap_destroy(). [0] It shows the s… | |||
| CVE-2023-54151 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system cr… | |||
| CVE-2023-54210 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() KASAN reports that there's a use-after-free in hci_… | |||
| CVE-2023-54217 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f… | |||
| CVE-2023-54218 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). KCSAN found a data race in sock_recv_cmsgs() where the read access to… | |||
| CVE-2023-54220 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix oops for port->pm on uart_change_pm() Unloading a hardware specific 8250 driver can produce error "Unable to ha… | |||
| CVE-2023-54250 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the accessed pneg_ctxt->HashAlgorithms address sits withi… | |||
| CVE-2023-54255 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differ… | |||
| CVE-2023-54253 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: set page extent mapped after read_folio in relocate_one_page One of the CI runs triggered the following panic assertion… | |||
| CVE-2023-54264 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/sysv: Null check to prevent null-ptr-deref bug sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on that leads … | |||
| CVE-2023-54314 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf is null and m… | |||
| CVE-2023-54319 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devm_kasprintf() devm_kasprintf() returns a pointer to dynamically allocated memory. Po… | |||
| CVE-2023-5972 | unknown | — | — | — | A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on th… | |||
| CVE-2023-7042 | unknown | — | — | — | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trig… | |||
| CVE-2023-7192 | unknown | — | — | — | A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause… | |||
| CVE-2023-46570 | unknown | — | — | — | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. | |||
| CVE-2023-4322 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | |||
| CVE-2023-43090 | unknown | — | — | — | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restri… | |||
| CVE-2023-52968 | unknown | — | — | — | MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_deri… | |||
| CVE-2023-38855 | unknown | — | — | — | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. | |||
| CVE-2023-38856 | unknown | — | — | — | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. | |||
| CVE-2023-41259 | unknown | — | — | — | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | |||
| CVE-2023-41260 | unknown | — | — | — | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | |||
| CVE-2023-34474 | unknown | — | — | — | A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering a… | |||
| CVE-2023-45322 | unknown | — | — | — | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these is… | |||
| CVE-2023-0469 | unknown | — | — | — | A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. | |||
| CVE-2023-0615 | unknown | — | — | — | A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIO… |