CVEs from 2023
Total
6,189
critical
critical 221
high
high 1,481
medium
medium 1,384
low
low 30
% Critical
3.6%
% with KEV
2.6%
% with exploit
3.4%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- registrationmagic 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- cbot_panel 6
- codeready_linux_builder_eus 6
- openstack_platform 6
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-27524 | unknown | — | 2.5 | 3y ago | Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altere… | |||
| CVE-2023-27350 | unknown | — | 2.5 | 3y ago | PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system. | |||
| CVE-2023-28432 | unknown | — | 2.5 | 3y ago | MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure. | |||
| CVE-2023-28252 | unknown | — | 2.5 | 3y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-26360 | unknown | — | 2.5 | 3y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution. | |||
| CVE-2023-0669 | unknown | — | 2.5 | 3y ago | Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. | |||
| CVE-2023-22952 | unknown | — | 2.5 | 3y ago | Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates. | |||
| CVE-2023-27351 | unknown | — | 1.5 | 1mo ago | PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class. | |||
| CVE-2023-36424 | unknown | — | 1.5 | 2mo ago | Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation | |||
| CVE-2023-21529 | unknown | — | 1.5 | 2mo ago | Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution. | |||
| CVE-2023-41974 | unknown | — | 1.5 | 3mo ago | Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. | |||
| CVE-2023-52163 | unknown | — | 1.5 | 5mo ago | Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi. | |||
| CVE-2023-50224 | unknown | — | 1.5 | 9mo ago | TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The imp… | |||
| CVE-2023-2533 | unknown | — | 1.5 | 10mo ago | PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. | |||
| CVE-2023-33538 | unknown | — | 1.5 | 1y ago | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) an… | |||
| CVE-2023-39780 | unknown | — | 1.5 | 1y ago | ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346. | |||
| CVE-2023-38950 | unknown | — | 1.5 | 1y ago | ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload. | |||
| CVE-2023-44221 | unknown | — | 1.5 | 1y ago | SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbi… | |||
| CVE-2023-20118 | unknown | — | 1.5 | 1y ago | Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker… | |||
| CVE-2023-34192 | unknown | — | 1.5 | 1y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoS… | |||
| CVE-2023-48365 | unknown | — | 1.5 | 1y ago | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | |||
| CVE-2023-45727 | unknown | — | 1.5 | 2y ago | North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unauthenticated at… | |||
| CVE-2023-28461 | unknown | — | 1.5 | 2y ago | Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway. | |||
| CVE-2023-25280 | unknown | — | 1.5 | 2y ago | D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter t… | |||
| CVE-2023-21237 | unknown | — | 1.5 | 2y ago | Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a loc… | |||
| CVE-2023-29360 | unknown | — | 1.5 | 2y ago | Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. | |||
| CVE-2023-43770 | unknown | — | 1.5 | 2y ago | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages. | |||
| CVE-2023-4762 | unknown | — | 1.5 | 2y ago | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-34048 | unknown | — | 1.5 | 2y ago | VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution. | |||
| CVE-2023-35082 | unknown | — | 1.5 | 2y ago | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the applicat… | |||
| CVE-2023-6548 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. | |||
| CVE-2023-6549 | unknown | — | 1.5 | 2y ago | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or… | |||
| CVE-2023-41990 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | |||
| CVE-2023-38203 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-29300 | unknown | — | 1.5 | 2y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | |||
| CVE-2023-7024 | unknown | — | 1.5 | 2y ago | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-49897 | unknown | — | 1.5 | 3y ago | FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-47565 | unknown | — | 1.5 | 3y ago | QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. | |||
| CVE-2023-6448 | unknown | — | 1.5 | 3y ago | Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. | |||
| CVE-2023-41266 | unknown | — | 1.5 | 3y ago | Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session c… | |||
| CVE-2023-41265 | unknown | — | 1.5 | 3y ago | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | |||
| CVE-2023-33106 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_… | |||
| CVE-2023-33107 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||
| CVE-2023-33063 | unknown | — | 1.5 | 3y ago | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. | |||
| CVE-2023-6345 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chr… | |||
| CVE-2023-36584 | unknown | — | 1.5 | 3y ago | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | |||
| CVE-2023-36025 | unknown | — | 1.5 | 3y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. | |||
| CVE-2023-36036 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | |||
| CVE-2023-36033 | unknown | — | 1.5 | 3y ago | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36846 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-36847 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system i… | |||
| CVE-2023-36851 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system … | |||
| CVE-2023-47246 | unknown | — | 1.5 | 3y ago | SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. | |||
| CVE-2023-36844 | unknown | — | 1.5 | 3y ago | Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. U… | |||
| CVE-2023-29552 | unknown | — | 1.5 | 3y ago | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a… | |||
| CVE-2023-46748 | unknown | — | 1.5 | 3y ago | F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to exe… | |||
| CVE-2023-5631 | unknown | — | 1.5 | 3y ago | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. | |||
| CVE-2023-21608 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | |||
| CVE-2023-20109 | unknown | — | 1.5 | 3y ago | Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative cont… | |||
| CVE-2023-41763 | unknown | — | 1.5 | 3y ago | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36563 | unknown | — | 1.5 | 3y ago | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-42824 | unknown | — | 1.5 | 3y ago | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-28229 | unknown | — | 1.5 | 3y ago | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. | |||
| CVE-2023-4211 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | |||
| CVE-2023-41991 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | |||
| CVE-2023-41992 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | |||
| CVE-2023-41179 | unknown | — | 1.5 | 3y ago | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct r… | |||
| CVE-2023-26369 | unknown | — | 1.5 | 3y ago | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | |||
| CVE-2023-20269 | unknown | — | 1.5 | 3y ago | Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an … | |||
| CVE-2023-35674 | unknown | — | 1.5 | 3y ago | Android Framework contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-36761 | unknown | — | 1.5 | 3y ago | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | |||
| CVE-2023-36802 | unknown | — | 1.5 | 3y ago | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-41064 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-… | |||
| CVE-2023-41061 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerabili… | |||
| CVE-2023-28434 | unknown | — | 1.5 | 3y ago | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `Post… | |||
| CVE-2023-27532 | unknown | — | 1.5 | 3y ago | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure… | |||
| CVE-2023-26359 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | |||
| CVE-2023-24489 | unknown | — | 1.5 | 3y ago | Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. | |||
| CVE-2023-35081 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can b… | |||
| CVE-2023-37580 | unknown | — | 1.5 | 3y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. | |||
| CVE-2023-38606 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | |||
| CVE-2023-35078 | unknown | — | 1.5 | 3y ago | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with ac… | |||
| CVE-2023-38205 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-29298 | unknown | — | 1.5 | 3y ago | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | |||
| CVE-2023-36884 | unknown | — | 1.5 | 3y ago | Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code exe… | |||
| CVE-2023-32049 | unknown | — | 1.5 | 3y ago | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | |||
| CVE-2023-35311 | unknown | — | 1.5 | 3y ago | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | |||
| CVE-2023-32046 | unknown | — | 1.5 | 3y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-32434 | unknown | — | 1.5 | 3y ago | Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2023-27992 | unknown | — | 1.5 | 3y ago | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a craf… | |||
| CVE-2023-27997 | unknown | — | 1.5 | 3y ago | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted req… | |||
| CVE-2023-3079 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-33010 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to … | |||
| CVE-2023-33009 | unknown | — | 1.5 | 3y ago | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to c… | |||
| CVE-2023-32409 | unknown | — | 1.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impa… | |||
| CVE-2023-21492 | unknown | — | 1.5 | 3y ago | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space la… | |||
| CVE-2023-25717 | unknown | — | 1.5 | 3y ago | Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site … | |||
| CVE-2023-2136 | unknown | — | 1.5 | 3y ago | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2023-2033 | unknown | — | 1.5 | 3y ago | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2023-29492 | unknown | — | 1.5 | 3y ago | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. |