CVEs from 2023
- Total: 6,442
- Critical: 221
- High: 1,481
- Medium: 1,383
- Low: 30
- % Critical: 3.4%
- % with KEV: 2.5%
- % with exploit: 3.3%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- registrationmagic 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- cbot_panel 6
- codeready_linux_builder_eus 6
- openstack_platform 6
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-23920 | high | — | 8.0 | 3y ago | RHSA-2023:1743: nodejs:14 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21870 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21836 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-0590 | high | — | 8.0 | 3y ago | RHSA-2023:7077: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21868 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-1195 | high | — | 8.0 | 3y ago | RHSA-2023:2951: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21869 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21877 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21878 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-23517 | high | — | 8.0 | 3y ago | RHSA-2023:2834: webkit2gtk3 security and bug fix update (Important) | |||
| CVE-2023-21887 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21883 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-21963 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-53809 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() When a file descriptor of pppol2tp socket is passed as file des… | |||
| CVE-2023-21871 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2023-2319 | high | — | 8.0 | 3y ago | Important: pcs security and bug fix update | |||
| CVE-2023-53634 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function When BPF_TRAMP_F_CALL_ORIG is set, BPF trampoline uses BLR to jump… | |||
| CVE-2023-31047 | high | — | 8.0 | 3y ago | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been suppo… | |||
| CVE-2023-30570 | high | — | 8.0 | 3y ago | RHSA-2023:3107: libreswan security update (Important) | |||
| CVE-2023-28617 | high | — | 8.0 | 3y ago | RHSA-2023:3104: emacs security update (Important) | |||
| CVE-2023-30608 | high | — | 8.0 | 3y ago | sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This i… | |||
| CVE-2023-21939 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-21930 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-21954 | high | — | 8.0 | 3y ago | RHSA-2023:1908: java-1.8.0-openjdk security update (Important) | |||
| CVE-2023-21937 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-21938 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-21967 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-0547 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-29479 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-28427 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-1999 | high | — | 8.0 | 3y ago | RHSA-2023:2076: libwebp security update (Important) | |||
| CVE-2023-29550 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-29536 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-29533 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-29548 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-29541 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-29535 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-1945 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-29539 | high | — | 8.0 | 3y ago | RHSA-2023:1802: thunderbird security update (Important) | |||
| CVE-2023-25690 | high | — | 8.0 | 3y ago | RHSA-2023:1673: httpd:2.4 security update (Important) | |||
| CVE-2023-1476 | high | — | 8.0 | 3y ago | RHSA-2023:1659: kpatch-patch security update (Important) | |||
| CVE-2023-28154 | high | — | 8.0 | 3y ago | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain acc… | |||
| CVE-2023-0767 | high | — | 8.0 | 3y ago | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110… | |||
| CVE-2023-25752 | high | — | 8.0 | 3y ago | RHSA-2023:1403: thunderbird security update (Important) | |||
| CVE-2023-28164 | high | — | 8.0 | 3y ago | RHSA-2023:1403: thunderbird security update (Important) | |||
| CVE-2023-28176 | high | — | 8.0 | 3y ago | RHSA-2023:1403: thunderbird security update (Important) | |||
| CVE-2023-28162 | high | — | 8.0 | 3y ago | RHSA-2023:1403: thunderbird security update (Important) | |||
| CVE-2023-25751 | high | — | 8.0 | 3y ago | RHSA-2023:1403: thunderbird security update (Important) | |||
| CVE-2023-0179 | high | — | 8.0 | 3y ago | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Es… | |||
| CVE-2023-25743 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-0616 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25744 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25728 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25746 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25739 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25737 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25735 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25730 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25729 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25732 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-25742 | high | — | 8.0 | 3y ago | RHSA-2023:0821: thunderbird security update (Important) | |||
| CVE-2023-24580 | high | — | 8.0 | 3y ago | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart … | |||
| CVE-2023-0215 | high | — | 8.0 | 3y ago | RHSA-2023:2932: edk2 security update (Important) | |||
| CVE-2023-0286 | high | — | 8.0 | 3y ago | RHSA-2025:7895: compat-openssl10 security update (Important) | |||
| CVE-2023-0430 | high | — | 8.0 | 3y ago | RHSA-2023:0606: thunderbird security update (Important) | |||
| CVE-2023-23969 | high | — | 8.0 | 3y ago | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-… | |||
| CVE-2023-23603 | high | — | 8.0 | 3y ago | RHSA-2023:0463: thunderbird security update (Important) | |||
| CVE-2023-23601 | high | — | 8.0 | 3y ago | RHSA-2023:0463: thunderbird security update (Important) | |||
| CVE-2023-23599 | high | — | 8.0 | 3y ago | RHSA-2023:0463: thunderbird security update (Important) | |||
| CVE-2023-23605 | high | — | 8.0 | 3y ago | RHSA-2023:0463: thunderbird security update (Important) | |||
| CVE-2023-23598 | high | — | 8.0 | 3y ago | RHSA-2023:0463: thunderbird security update (Important) | |||
| CVE-2023-23602 | high | — | 8.0 | 3y ago | RHSA-2023:0463: thunderbird security update (Important) | |||
| CVE-2023-22796 | high | — | 8.0 | 3y ago | A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a sta… | |||
| CVE-2023-22799 | high | — | 8.0 | 3y ago | A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. … | |||
| CVE-2023-22794 | high | — | 8.0 | 3y ago | A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints`… | |||
| CVE-2023-22795 | high | — | 8.0 | 3y ago | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expressi… | |||
| CVE-2023-22792 | high | — | 8.0 | 3y ago | A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause … | |||
| CVE-2023-53660 | high | — | 8.0 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptr_ring The following warning was reported when running xdp_redirect_cpu with both… | |||
| CVE-2023-1095 | high | — | 8.0 | 4y ago | RHSA-2023:2951: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2023-0459 | high | — | 8.0 | 4y ago | RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2023-3022 | high | — | 8.0 | 4y ago | RHSA-2022:1975: kernel-rt security and bug fix update (Important) | |||
| CVE-2023-1390 | high | — | 8.0 | 5y ago | RHSA-2021:1739: kernel-rt security and bug fix update (Important) | |||
| CVE-2023-52945 | high | 7.8 | 7.8 | 3d ago | Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors. | |||
| CVE-2023-7343 | high | 7.8 | 7.8 | 2mo ago | Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project … | |||
| CVE-2023-52927 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() wil… | |||
| CVE-2023-52614 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the mo… | |||
| CVE-2023-6817 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:0897: kernel security update (Important) | |||
| CVE-2023-6246 | high | 7.8 | 7.8 | 2y ago | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog functio… | |||
| CVE-2023-44336 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of … | |||
| CVE-2023-45898 | high | 7.8 | 7.8 | 3y ago | The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. | |||
| CVE-2023-38246 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution … | |||
| CVE-2023-29320 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could result in arbitrary code exec… | |||
| CVE-2023-38226 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution … | |||
| CVE-2023-38228 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of … | |||
| CVE-2023-38231 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the conte… | |||
| CVE-2023-38225 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of … | |||
| CVE-2023-38229 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the contex… | |||
| CVE-2023-38233 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the conte… | |||
| CVE-2023-38222 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of … | |||
| CVE-2023-38227 | high | 7.8 | 7.8 | 3y ago | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of … |