CVEs from 2023

6,167 normalized CVEs published or assigned in this year.

Total: 6,167
Critical: 221
High: 1,482
Medium: 1,384
Low: 30
% Critical: 3.6%
% with KEV: 2.6%
% with exploit: 3.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • registrationmagic 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • cbot_panel 6
  • codeready_linux_builder_eus 6
  • openstack_platform 6
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-1289 unknown 3mo ago A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file …
CVE-2023-54164 unknown 5mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operat…
CVE-2023-54130 unknown 5mo ago In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit…
CVE-2023-38693 unknown 1y ago Lucee RCE/XXE Vulnerability
CVE-2023-0482 unknown 1y ago Insecure Temporary File in RESTEasy
CVE-2023-37940 unknown 2y ago Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
CVE-2023-1419 unknown 2y ago Debezium database connector has a script injection vulnerability
CVE-2023-4639 unknown 2y ago Undertow incorrectly parses cookies
CVE-2023-1973 unknown 2y ago Undertow Denial of Service vulnerability
CVE-2023-1932 unknown 2y ago hibernate-validator Cross-site Scripting vulnerability
CVE-2023-50780 unknown 2y ago Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
CVE-2023-25581 unknown 2y ago pac4j-core affected by a Java deserialization vulnerability
CVE-2023-6841 unknown 2y ago Keycloak Denial of Service vulnerability
CVE-2023-49198 unknown 2y ago Apache SeaTunnel SQL Injection vulnerability
CVE-2023-45146 unknown 2y ago XXL-RPC Deserialization of Untrusted Data vulnerability
CVE-2023-42809 unknown 2y ago Redisson vulnerable to Deserialization of Untrusted Data
CVE-2023-28857 unknown 2y ago Apereo CAS vulnerable to credential leaks for LDAP authentication
CVE-2023-48396 unknown 2y ago Apache SeaTunnel Web Authentication vulnerability
CVE-2023-49921 unknown 2y ago Elasticsearch Insertion of Sensitive Information into Log File
CVE-2023-48362 unknown 2y ago XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
CVE-2023-7272 unknown 2y ago Eclipse Parsson stack overflow when parsing deeply nested input
CVE-2023-52291 unknown 2y ago Apache StreamPark: Unchecked maven build params could trigger remote command execution
CVE-2023-49566 unknown 2y ago Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
CVE-2023-41916 unknown 2y ago Apache Linkis DataSource allows arbitrary file reading
CVE-2023-46801 unknown 2y ago Apache Linkis DataSource remote code execution vulnerability
CVE-2023-46442 unknown 2y ago Soot Infinite Loop vulnerability
CVE-2023-35701 unknown 2y ago Apache Hive Code Injection vulnerability
CVE-2023-0657 unknown 2y ago Keycloak vulnerable to impersonation via logout token exchange
CVE-2023-6787 unknown 2y ago Keycloak vulnerable to session hijacking via re-authentication
CVE-2023-6484 unknown 2y ago Keycloak vulnerable to log Injection during WebAuthn authentication or registration
CVE-2023-6544 unknown 2y ago Keycloak Authorization Bypass vulnerability
CVE-2023-6717 unknown 2y ago Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
CVE-2023-3597 unknown 2y ago Keycloak secondary factor bypass in step-up authentication
CVE-2023-6236 unknown 2y ago WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
CVE-2023-5685 unknown 2y ago XNIO denial of service vulnerability
CVE-2023-51445 unknown 2y ago Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
CVE-2023-51444 unknown 2y ago Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
CVE-2023-41877 unknown 2y ago GeoServer log file path traversal vulnerability
CVE-2023-50740 unknown 2y ago Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
CVE-2023-50378 unknown 2y ago Apache Ambari: Various Cross site scripting problems
CVE-2023-51775 unknown 2y ago jose4j denial of service via specifically crafted JWE
CVE-2023-45859 unknown 2y ago Missing permission checks on Hazelcast client protocol
CVE-2023-50380 unknown 2y ago Apache Ambari XML External Entity injection
CVE-2023-51747 unknown 2y ago SMTP smuggling in Apache James
CVE-2023-51518 unknown 2y ago Apache James server: Privilege escalation via JMX pre-authentication deserialization
CVE-2023-50379 unknown 2y ago Apache Ambari: authenticated users could perform command injection to perform RCE
CVE-2023-47795 unknown 2y ago Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2023-42498 unknown 2y ago Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2023-40191 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2023-42496 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2023-49250 unknown 2y ago Improper Certificate Validation in Apache DolphinScheduler
CVE-2023-51770 unknown 2y ago Arbitrary File Read Vulnerability in Apache Dolphinscheduler
CVE-2023-50270 unknown 2y ago Session Fixation Apache DolphinScheduler
CVE-2023-49109 unknown 2y ago Remote Code Execution in Apache Dolphinscheduler
CVE-2023-44308 unknown 2y ago Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page
CVE-2023-5190 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
CVE-2023-45860 unknown 2y ago Hazelcast Platform permission checking in CSV File Source connector
CVE-2023-52428 unknown 2y ago Denial of Service in Connect2id Nimbus JOSE+JWT
CVE-2023-50298 unknown 2y ago Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
CVE-2023-50292 unknown 2y ago Apache Solr Schema Designer blindly "trusts" all configsets
CVE-2023-50291 unknown 2y ago Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
CVE-2023-47798 unknown 2y ago Liferay Portal's account lockout does not invalidate existing user sessions
CVE-2023-39196 unknown 2y ago Apache Ozone Improper Authentication vulnerability
CVE-2023-51437 unknown 2y ago Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
CVE-2023-34042 unknown 2y ago Spring Security's spring-security.xsd file is world writable
CVE-2023-51982 unknown 2y ago CrateDB authentication bypass vulnerability
CVE-2023-29055 unknown 2y ago Apache Kylin has Insufficiently Protected Credentials
CVE-2023-6267 unknown 2y ago Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
CVE-2023-6927 unknown 2y ago keycloak-core: open redirect via "form_post.jwt" JARM response mode
CVE-2023-51282 unknown 2y ago Code injection in mingSoft MCMS
CVE-2023-46226 unknown 2y ago Remote Code Execution vulnerability in Apache IoTDB via UDF
CVE-2023-46749 unknown 2y ago Apache Shiro vulnerable to path traversal
CVE-2023-50290 unknown 2y ago Apache Solr allows read access to host environment variables
CVE-2023-49569 unknown 2y ago A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, rem…
CVE-2023-6147 unknown 2y ago Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
CVE-2023-6148 unknown 2y ago Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability
CVE-2023-6149 unknown 2y ago Qualys Jenkins Plugin for WAS XML External Entity vulnerability
CVE-2023-51441 unknown 2y ago Apache Axis Improper Input Validation vulnerability
CVE-2023-51784 unknown 2y ago Apache InLong Manager Remote Code Execution vulnerability
CVE-2023-51785 unknown 2y ago Apache InLong Manager Arbitrary File Read Vulnerability
CVE-2023-49299 unknown 2y ago Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
CVE-2023-50578 unknown 2y ago Mingsoft MCMS SQL injection
CVE-2023-41544 unknown 2y ago JeecgBoot server-side template injection
CVE-2023-41542 unknown 2y ago Jeecg Boot SQL injection vulnerability
CVE-2023-41543 unknown 2y ago Jeecg Boot SQL Injection
CVE-2023-3628 unknown 2y ago Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
CVE-2023-3629 unknown 2y ago Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
CVE-2023-50570 unknown 3y ago IPAddress Infinite Loop vulnerability (Disputed)
CVE-2023-50571 unknown 3y ago easy-rules-mvel vulnerable to remote code execution
CVE-2023-7148 unknown 3y ago ShifuML shifu code injection vulnerability
CVE-2023-5236 unknown 3y ago Infinispan circular object references causes out of memory errors
CVE-2023-5384 unknown 3y ago Infinispan caches credentials in clear text
CVE-2023-51084 unknown 3y ago hyavijava stack overflow vulnerability
CVE-2023-51074 unknown 3y ago json-path Out-of-bounds Write vulnerability
CVE-2023-51080 unknown 3y ago hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
CVE-2023-51075 unknown 3y ago hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
CVE-2023-51079 unknown 3y ago mvel2 TimeOut error exists in the ParseTools.subCompileExpression method
CVE-2023-49568 unknown 3y ago A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted res…
CVE-2023-27150 unknown 3y ago OpenCRX Cross-site Scripting vulnerability
CVE-2023-6911 unknown 3y ago WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability