CVEs from 2023
Total
6,110
critical
critical 239
high
high 1,527
medium
medium 1,390
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-43770 | unknown | — | 1.5 | 2y ago | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages. | |||
| CVE-2023-4762 | unknown | — | 1.5 | 2y ago | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Ch… | |||
| CVE-2023-34048 | unknown | — | 1.5 | 2y ago | VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution. | |||
| CVE-2023-35082 | unknown | — | 1.5 | 2y ago | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the applicat… | |||
| CVE-2023-6549 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or… | |||
| CVE-2023-6548 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. | |||
| CVE-2023-29300 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-38203 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-41990 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | |||
| CVE-2023-7024 | unknown | — | 1.5 | 3y ago | Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit … | |||
| CVE-2023-47565 | unknown | — | 1.5 | 3y ago | QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-49897 | unknown | — | 1.5 | 3y ago | FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-6448 | unknown | — | 1.5 | 3y ago | Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. | |||
| CVE-2023-41265 | unknown | — | 1.5 | 3y ago | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | |||
| CVE-2023-41266 | unknown | — | 1.5 | 3y ago | Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session c… | |||
| CVE-2023-33063 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. | |||
| CVE-2023-33107 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||
| CVE-2023-33106 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_… | |||
| CVE-2023-6345 | unknown | — | 1.5 | 3y ago | Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. … | |||
| CVE-2023-36584 | unknown | — | 1.5 | 3y ago | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | |||
| CVE-2023-36025 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. | |||
| CVE-2023-36036 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | |||
| CVE-2023-36033 | unknown | — | 1.5 | 3y ago | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36851 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-47246 | unknown | — | 1.5 | 3y ago | SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. | |||
| CVE-2023-36844 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. U… | |||
| CVE-2023-36846 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-36847 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system i… | |||
| CVE-2023-29552 | unknown | — | 1.5 | 3y ago | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a… | |||
| CVE-2023-46748 | unknown | — | 1.5 | 3y ago | F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to exe… | |||
| CVE-2023-5631 | unknown | — | 1.5 | 3y ago | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. | |||
| CVE-2023-20109 | unknown | — | 1.5 | 3y ago | Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative cont… | |||
| CVE-2023-41763 | unknown | — | 1.5 | 3y ago | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36563 | unknown | — | 1.5 | 3y ago | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-21608 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | |||
| CVE-2023-42824 | unknown | — | 1.5 | 3y ago | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-28229 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. | |||
| CVE-2023-4211 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | |||
| CVE-2023-41991 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | |||
| CVE-2023-41992 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-41179 | unknown | — | 1.5 | 3y ago | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct r… | |||
| CVE-2023-26369 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | |||
| CVE-2023-20269 | unknown | — | 1.5 | 3y ago | Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an … | |||
| CVE-2023-35674 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36761 | unknown | — | 1.5 | 3y ago | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-36802 | unknown | — | 1.5 | 3y ago | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-41061 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerabili… | |||
| CVE-2023-41064 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-… | |||
| CVE-2023-28434 | unknown | — | 1.5 | 3y ago | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `Post… | |||
| CVE-2023-27532 | unknown | — | 1.5 | 3y ago | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure… | |||
| CVE-2023-26359 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | |||
| CVE-2023-24489 | unknown | — | 1.5 | 3y ago | Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. | |||
| CVE-2023-35081 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can b… | |||
| CVE-2023-37580 | unknown | — | 1.5 | 3y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. | |||
| CVE-2023-38606 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | |||
| CVE-2023-35078 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with ac… | |||
| CVE-2023-38205 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-29298 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-36884 | unknown | — | 1.5 | 3y ago | Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code exe… | |||
| CVE-2023-35311 | unknown | — | 1.5 | 3y ago | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | |||
| CVE-2023-32046 | unknown | — | 1.5 | 3y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-32049 | unknown | — | 1.5 | 3y ago | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | |||
| CVE-2023-27992 | unknown | — | 1.5 | 3y ago | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a craf… | |||
| CVE-2023-32434 | unknown | — | 1.5 | 3y ago | Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2023-27997 | unknown | — | 1.5 | 3y ago | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted req… | |||
| CVE-2023-3079 | unknown | — | 1.5 | 3y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2023-33010 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to … | |||
| CVE-2023-33009 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to c… | |||
| CVE-2023-32409 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impa… | |||
| CVE-2023-21492 | unknown | — | 1.5 | 3y ago | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space la… | |||
| CVE-2023-25717 | unknown | — | 1.5 | 3y ago | Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site … | |||
| CVE-2023-2136 | unknown | — | 1.5 | 3y ago | Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2023-2033 | unknown | — | 1.5 | 3y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2023-29492 | unknown | — | 1.5 | 3y ago | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. | |||
| CVE-2023-20963 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. | |||
| CVE-2023-28206 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | |||
| CVE-2023-26083 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | |||
| CVE-2023-24880 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | |||
| CVE-2023-23397 | unknown | — | 1.5 | 3y ago | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. | |||
| CVE-2023-21823 | unknown | — | 1.5 | 3y ago | Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21715 | unknown | — | 1.5 | 3y ago | Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system. | |||
| CVE-2023-23376 | unknown | — | 1.5 | 3y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-21674 | unknown | — | 1.5 | 3y ago | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-2640 | unknown | — | 1.0 | — | On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on th… | |||
| CVE-2023-27372 | unknown | — | 1.0 | — | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | |||
| CVE-2023-32629 | unknown | — | 1.0 | — | Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | |||
| CVE-2023-50386 | unknown | — | 1.0 | 2y ago | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | |||
| CVE-2023-48292 | unknown | — | 1.0 | 3y ago | Run Shell Command allows Cross-Site Request Forgery | |||
| CVE-2023-40315 | unknown | — | 1.0 | 3y ago | OpenNMS privilege escalation vulnerability | |||
| CVE-2023-0872 | unknown | — | 1.0 | 3y ago | OpenNMS privilege elevation vulnerability | |||
| CVE-2023-36812 | unknown | — | 1.0 | 3y ago | Remote Code Execution for 2.4.1 and earlier | |||
| CVE-2023-34468 | unknown | — | 1.0 | 3y ago | Apache NiFi vulnerable to Code Injection | |||
| CVE-2023-25826 | unknown | — | 1.0 | 3y ago | Command injection in OpenTSDB | |||
| CVE-2023-52511 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI tr… | |||
| CVE-2023-2467 | unknown | — | — | — | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security sev… | |||
| CVE-2023-0472 | unknown | — | — | — | Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-0132 | unknown | — | — | — | Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. … | |||
| CVE-2023-25741 | unknown | — | — | — | When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern… | |||
| CVE-2023-4058 | unknown | — | — | — | Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2023-0130 | unknown | — | — | — | Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. … |