CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4135 | unknown | — | — | — | A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is u… | |||
| CVE-2023-28177 | unknown | — | — | — | Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2023-1532 | unknown | — | — | — | Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-1531 | unknown | — | — | — | Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-4860 | unknown | — | — | — | Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H… | |||
| CVE-2023-46287 | unknown | — | — | — | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. | |||
| CVE-2023-43114 | unknown | — | — | — | An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addA… | |||
| CVE-2023-37205 | unknown | — | — | — | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. | |||
| CVE-2023-34417 | unknown | — | — | — | Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2023-45931 | unknown | — | — | — | Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrat… | |||
| CVE-2023-45922 | unknown | — | — | — | glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users … | |||
| CVE-2023-54013 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where icc_bw_set() can be called in callbaths that could deadlock agains… | |||
| CVE-2023-54157 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() [ cmllamas: clean forward port from commit 015ac18be7de ("binder: fix UAF o… | |||
| CVE-2023-31437 | unknown | — | — | — | An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a … | |||
| CVE-2023-53831 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: read sk->sk_family once in sk_mc_loop() syzbot is playing with IPV6_ADDRFORM quite a lot these days, and managed to hit the … | |||
| CVE-2023-53080 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL on overflow. A… | |||
| CVE-2023-53186 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 ("skbuff: fix coalescing for page_pool fragment recy… | |||
| CVE-2023-53187 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes … | |||
| CVE-2023-53727 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: avoid stalls in fq_pie_timer() When setting a high number of flows (limit being 65536), fq_pie_timer() is curr… | |||
| CVE-2023-53195 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init The line cards array is not freed in the error path of mlxsw_… | |||
| CVE-2023-53312 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: fix net_dev_start_xmit trace event vs skb_transport_offset() After blamed commit, we must be more careful about using skb_tr… | |||
| CVE-2023-53388 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtk_drm_bind() can fail, in which case drm_dev_put() is called, destroyin… | |||
| CVE-2023-53608 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race w… | |||
| CVE-2023-53627 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw(… | |||
| CVE-2023-52897 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG] There are some reports from the mailing list that since v6… | |||
| CVE-2023-53759 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix data race on device refcount The hidraw_open() function increments the hidraw device reference counter. The coun… | |||
| CVE-2023-2723 | unknown | — | — | — | Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. … | |||
| CVE-2023-53758 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove() An early error exit in atmel_qspi_remove() doesn't … | |||
| CVE-2023-53824 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk->max_recvmsg_len syzbot reported a data-race in data-race in netlink_recvmsg() [1] In… | |||
| CVE-2023-3737 | unknown | — | — | — | Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium securit… | |||
| CVE-2023-53834 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereferen… | |||
| CVE-2023-2940 | unknown | — | — | — | Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a cr… | |||
| CVE-2023-53838 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic write aborts, I use the inode lock and make COW inod… | |||
| CVE-2023-53849 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix workqueue leak on bind errors Make sure to destroy the workqueue also in case of early errors during bind (e.g. a su… | |||
| CVE-2023-52506 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_r… | |||
| CVE-2023-53538 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in push_node_left There is a fairly unlikely race condition in tree mod log rewind that can resul… | |||
| CVE-2023-53300 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: hi846: Fix memleak in hi846_init_controls() hi846_init_controls doesn't clean the allocated ctrl_hdlr in case there is a f… | |||
| CVE-2023-53265 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size <= alloc, size Ensure that the VID header offset + VID header size does not … | |||
| CVE-2023-53251 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() rxq can be NULL only when trans_pcie->rxq is … | |||
| CVE-2023-54094 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: prevent skb corruption on frag list segmentation Ian reported several skb corruptions triggered by rx-gro-list, collecting d… | |||
| CVE-2023-51766 | unknown | — | — | 4d ago | Exim vulnerabilities | |||
| CVE-2023-54207 | unknown | — | — | 16d ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2023-53520 | unknown | — | — | 16d ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2023-31722 | unknown | — | — | 1mo ago | NASM vulnerabilities | |||
| CVE-2023-49937 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-41914 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-49933 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-49938 | unknown | — | — | 1mo ago | Slurm vulnerabilities | |||
| CVE-2023-1289 | unknown | — | — | 3mo ago | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file … | |||
| CVE-2023-54164 | unknown | — | — | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operat… | |||
| CVE-2023-54130 | unknown | — | — | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit… | |||
| CVE-2023-38693 | unknown | — | — | 1y ago | Lucee RCE/XXE Vulnerability | |||
| CVE-2023-25574 | unknown | — | — | 1y ago | LTI JupyterHub Authenticator does not properly validate JWT Signature | |||
| CVE-2023-0482 | unknown | — | — | 1y ago | Insecure Temporary File in RESTEasy | |||
| CVE-2023-37940 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page | |||
| CVE-2023-4639 | unknown | — | — | 2y ago | Undertow incorrectly parses cookies | |||
| CVE-2023-1419 | unknown | — | — | 2y ago | Debezium database connector has a script injection vulnerability | |||
| CVE-2023-1973 | unknown | — | — | 2y ago | Undertow Denial of Service vulnerability | |||
| CVE-2023-1932 | unknown | — | — | 2y ago | hibernate-validator Cross-site Scripting vulnerability | |||
| CVE-2023-50780 | unknown | — | — | 2y ago | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | |||
| CVE-2023-25581 | unknown | — | — | 2y ago | pac4j-core affected by a Java deserialization vulnerability | |||
| CVE-2023-30464 | unknown | — | — | 2y ago | CoreDNS Cache Poisoning via a birthday attack | |||
| CVE-2023-6841 | unknown | — | — | 2y ago | Keycloak Denial of Service vulnerability | |||
| CVE-2023-49198 | unknown | — | — | 2y ago | Apache SeaTunnel SQL Injection vulnerability | |||
| CVE-2023-45146 | unknown | — | — | 2y ago | XXL-RPC Deserialization of Untrusted Data vulnerability | |||
| CVE-2023-42809 | unknown | — | — | 2y ago | Redisson vulnerable to Deserialization of Untrusted Data | |||
| CVE-2023-28857 | unknown | — | — | 2y ago | Apereo CAS vulnerable to credential leaks for LDAP authentication | |||
| CVE-2023-48396 | unknown | — | — | 2y ago | Apache SeaTunnel Web Authentication vulnerability | |||
| CVE-2023-49921 | unknown | — | — | 2y ago | Elasticsearch Insertion of Sensitive Information into Log File | |||
| CVE-2023-48362 | unknown | — | — | 2y ago | XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill | |||
| CVE-2023-7272 | unknown | — | — | 2y ago | Eclipse Parsson stack overflow when parsing deeply nested input | |||
| CVE-2023-52291 | unknown | — | — | 2y ago | Apache StreamPark: Unchecked maven build params could trigger remote command execution | |||
| CVE-2023-49566 | unknown | — | — | 2y ago | Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability | |||
| CVE-2023-41916 | unknown | — | — | 2y ago | Apache Linkis DataSource allows arbitrary file reading | |||
| CVE-2023-46801 | unknown | — | — | 2y ago | Apache Linkis DataSource remote code execution vulnerability | |||
| CVE-2023-46442 | unknown | — | — | 2y ago | Soot Infinite Loop vulnerability | |||
| CVE-2023-35701 | unknown | — | — | 2y ago | Apache Hive Code Injection vulnerability | |||
| CVE-2023-46565 | unknown | — | — | 2y ago | Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go. | |||
| CVE-2023-0657 | unknown | — | — | 2y ago | Keycloak vulnerable to impersonation via logout token exchange | |||
| CVE-2023-6787 | unknown | — | — | 2y ago | Keycloak vulnerable to session hijacking via re-authentication | |||
| CVE-2023-6484 | unknown | — | — | 2y ago | Keycloak vulnerable to log Injection during WebAuthn authentication or registration | |||
| CVE-2023-6544 | unknown | — | — | 2y ago | Keycloak Authorization Bypass vulnerability | |||
| CVE-2023-3597 | unknown | — | — | 2y ago | Keycloak secondary factor bypass in step-up authentication | |||
| CVE-2023-6236 | unknown | — | — | 2y ago | WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log | |||
| CVE-2023-5685 | unknown | — | — | 2y ago | XNIO denial of service vulnerability | |||
| CVE-2023-51445 | unknown | — | — | 2y ago | Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API | |||
| CVE-2023-51444 | unknown | — | — | 2y ago | Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API | |||
| CVE-2023-41877 | unknown | — | — | 2y ago | GeoServer log file path traversal vulnerability | |||
| CVE-2023-50740 | unknown | — | — | 2y ago | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged | |||
| CVE-2023-50378 | unknown | — | — | 2y ago | Apache Ambari: Various Cross site scripting problems | |||
| CVE-2023-51775 | unknown | — | — | 2y ago | jose4j denial of service via specifically crafted JWE | |||
| CVE-2023-45859 | unknown | — | — | 2y ago | Missing permission checks on Hazelcast client protocol | |||
| CVE-2023-50380 | unknown | — | — | 2y ago | Apache Ambari XML External Entity injection | |||
| CVE-2023-51747 | unknown | — | — | 2y ago | SMTP smuggling in Apache James | |||
| CVE-2023-50379 | unknown | — | — | 2y ago | Apache Ambari: authenticated users could perform command injection to perform RCE | |||
| CVE-2023-51518 | unknown | — | — | 2y ago | Apache James server: Privilege escalation via JMX pre-authentication deserialization | |||
| CVE-2023-47795 | unknown | — | — | 2y ago | Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | |||
| CVE-2023-40191 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-42498 | unknown | — | — | 2y ago | Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-42496 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |