CVEs from 2023
Total
6,112
critical
critical 239
high
high 1,527
medium
medium 1,390
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28484 | medium | — | 5.5 | 3y ago | Moderate: libxml2 security update | |||
| CVE-2023-30079 | medium | — | 5.5 | 3y ago | Moderate: libeconf security update | |||
| CVE-2023-28322 | medium | — | 5.5 | 3y ago | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even whe… | |||
| CVE-2023-29469 | medium | — | 5.5 | 3y ago | Moderate: libxml2 security update | |||
| CVE-2023-28321 | medium | — | 5.5 | 3y ago | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl… | |||
| CVE-2023-32681 | medium | — | 5.5 | 3y ago | Moderate: python-requests security update | |||
| CVE-2023-22652 | medium | — | 5.5 | 3y ago | Moderate: libeconf security update | |||
| CVE-2023-30581 | medium | — | 5.5 | 3y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2023-30588 | medium | — | 5.5 | 3y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2023-30589 | medium | — | 5.5 | 3y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2023-30590 | medium | — | 5.5 | 3y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2023-3347 | medium | — | 5.5 | 3y ago | RHSA-2023:4328: samba security and bug fix update (Moderate) | |||
| CVE-2023-22044 | medium | — | 5.5 | 3y ago | RHSA-2023:4159: java-17-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-25193 | medium | — | 5.5 | 3y ago | RHSA-2024:2980: harfbuzz security update (Moderate) | |||
| CVE-2023-3128 | medium | — | 5.5 | 3y ago | RHSA-2023:6972: grafana security and enhancement update (Moderate) | |||
| CVE-2023-33162 | medium | 5.5 | 5.5 | 3y ago | Microsoft Excel Information Disclosure Vulnerability | |||
| CVE-2023-36617 | medium | — | 5.5 | 3y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2023-26604 | medium | — | 5.5 | 3y ago | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifical… | |||
| CVE-2023-0795 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-0804 | medium | — | 5.5 | 3y ago | RHSA-2023:5353: libtiff security update (Moderate) | |||
| CVE-2023-2700 | medium | — | 5.5 | 3y ago | RHSA-2023:3822: virt:rhel and virt-devel:rhel security and bug fix update (Moderate) | |||
| CVE-2023-0801 | medium | — | 5.5 | 3y ago | RHSA-2023:5353: libtiff security update (Moderate) | |||
| CVE-2023-0796 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-1255 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-28466 | medium | — | 5.5 | 3y ago | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | |||
| CVE-2023-0800 | medium | — | 5.5 | 3y ago | RHSA-2023:5353: libtiff security update (Moderate) | |||
| CVE-2023-0466 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-2455 | medium | — | 5.5 | 3y ago | Moderate: postgresql:15 security update | |||
| CVE-2023-2454 | medium | — | 5.5 | 3y ago | Moderate: postgresql:15 security update | |||
| CVE-2023-0465 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0464 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0799 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-0803 | medium | — | 5.5 | 3y ago | RHSA-2023:5353: libtiff security update (Moderate) | |||
| CVE-2023-0802 | medium | — | 5.5 | 3y ago | RHSA-2023:5353: libtiff security update (Moderate) | |||
| CVE-2023-0797 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-2650 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0798 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-24537 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24536 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24534 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24539 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24540 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-24538 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-29400 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2023-25567 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25563 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25566 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25565 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-25564 | medium | — | 5.5 | 3y ago | RHSA-2023:3097: gssntlmssp security update (Moderate) | |||
| CVE-2023-27535 | medium | — | 5.5 | 3y ago | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created con… | |||
| CVE-2023-0664 | medium | — | 5.5 | 3y ago | A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their p… | |||
| CVE-2023-52340 | medium | — | 5.5 | 3y ago | The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when… | |||
| CVE-2023-30774 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-30086 | medium | — | 5.5 | 3y ago | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. | |||
| CVE-2023-30775 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2023-1017 | medium | — | 5.5 | 3y ago | Moderate: libtpms security update | |||
| CVE-2023-1018 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-23936 | medium | — | 5.5 | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-23919 | medium | — | 5.5 | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-24807 | medium | — | 5.5 | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-23009 | medium | — | 5.5 | 3y ago | RHSA-2023:3095: libreswan security and bug fix update (Moderate) | |||
| CVE-2023-25725 | medium | — | 5.5 | 3y ago | Moderate: haproxy security update | |||
| CVE-2023-23916 | medium | — | 5.5 | 3y ago | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed mult… | |||
| CVE-2023-0056 | medium | — | 5.5 | 3y ago | Moderate: haproxy security update | |||
| CVE-2023-28755 | medium | — | 5.5 | 3y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2023-28756 | medium | — | 5.5 | 3y ago | RHSA-2024:3500: ruby:3.0 security update (Moderate) | |||
| CVE-2023-0778 | medium | — | 5.5 | 3y ago | RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) | |||
| CVE-2023-23391 | medium | 5.5 | 5.5 | 3y ago | Office for Android Spoofing Vulnerability | |||
| CVE-2023-27539 | medium | — | 5.5 | 3y ago | RHSA-2023:3082: pcs security and bug fix update (Moderate) | |||
| CVE-2023-0361 | medium | — | 5.5 | 3y ago | Moderate: gnutls security and bug fix update | |||
| CVE-2023-27530 | medium | — | 5.5 | 3y ago | RHSA-2023:3082: pcs security and bug fix update (Moderate) | |||
| CVE-2023-0217 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0401 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0216 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2023-0494 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write … | |||
| CVE-2023-21843 | medium | — | 5.5 | 3y ago | RHSA-2023:0208: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-21538 | medium | — | 5.5 | 3y ago | RHSA-2023:0079: .NET 6.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-28410 | medium | — | 5.5 | 4y ago | Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially en… | |||
| CVE-2023-4387 | medium | — | 5.5 | 4y ago | A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to… | |||
| CVE-2023-53181 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc() failure Currently dma_resv_get_fences() will leak the previously allocated array if … | |||
| CVE-2023-2008 | medium | — | 5.5 | 4y ago | A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can re… | |||
| CVE-2023-21950 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-30441 | medium | — | 5.5 | 4y ago | RHSA-2022:6735: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2023-21872 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-21866 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-30059 | medium | 5.4 | 5.4 | 24d ago | An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. | |||
| CVE-2023-32238 | medium | 5.4 | 5.4 | 5mo ago | Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | |||
| CVE-2023-25445 | medium | 5.4 | 5.4 | 6mo ago | Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1. | |||
| CVE-2023-23729 | medium | 5.4 | 5.4 | 6mo ago | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. | |||
| CVE-2023-32240 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1. | |||
| CVE-2023-47661 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from … | |||
| CVE-2023-47225 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through <= 1.6… | |||
| CVE-2023-47187 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rota… | |||
| CVE-2023-46633 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2. | |||
| CVE-2023-46616 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15. | |||
| CVE-2023-46607 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from … | |||
| CVE-2023-46079 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9. | |||
| CVE-2023-45828 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… | |||
| CVE-2023-45636 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPr… | |||
| CVE-2023-45631 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gal… |