CVEs from 2023
- Total 6,664
- critical 222
- high 1,548
- medium 1,277
- low 23
- % Critical 3.3%
- % with KEV 2.4%
- % with exploit 2.5%
Top vendors
- redhat 120
- microsoft 76
- f5 43
- cisco 26
- automattic 19
- cbot 12
- brainstormforce 11
- gvectors 10
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- openstack_platform 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- registrationmagic 6
- codeready_linux_builder_eus 6
- cbot_panel 6
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-43000 | high | — | 9.5 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-42917 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-5217 | high | — | 9.5 | 3y ago | Important: firefox security update | |
| CVE-2023-4863 | high | — | 9.5 | 3y ago | Important: firefox security update | |
| CVE-2023-38180 | high | — | 9.5 | 3y ago | Important: .NET 6.0 security, bug fix, and enhancement update | |
| CVE-2023-32435 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-42916 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability cou… | |
| CVE-2023-37450 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML par… | |
| CVE-2023-32439 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-41993 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML par… | |
| CVE-2023-32373 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-28204 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-28205 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-0386 | high | — | 9.5 | 3y ago | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capabl… | |
| CVE-2023-0266 | high | — | 9.5 | 3y ago | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ\|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privi… | |
| CVE-2023-23529 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-4911 | high | 7.8 | 9.3 | 3y ago | Important: glibc security update | |
| CVE-2023-44487 | high | 7.5 | 9.0 | 3y ago | HTTP/2 Stream Cancellation Attack | |
| CVE-2023-43770 | unknown | — | 1.5 | 2y ago | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | |
| CVE-2023-46604 | unknown | — | 1.5 | 3y ago | Apache ActiveMQ is vulnerable to Remote Code Execution | |
| CVE-2023-5631 | unknown | — | 1.5 | 3y ago | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavio… | |
| CVE-2023-33246 | unknown | — | 1.5 | 3y ago | Apache RocketMQ may have remote code execution vulnerability when using update configuration function | |
| CVE-2023-32315 | unknown | — | 1.5 | 3y ago | Administration Console authentication bypass in openfire xmppserver | |