CVEs from 2023
Total
6,216
critical
critical 239
high
high 1,501
medium
medium 1,406
low
low 31
% Critical
3.8%
% with KEV
2.6%
% with exploit
3.4%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-53480 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kobject: Add sanity check for kset->kobj.ktype in kset_register() When I register a kset in the following way: static struct kse… | |||
| CVE-2023-53482 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu: Fix error unwind in iommu_group_alloc() If either iommu_group_grate_file() fails then the iommu_group is leaked. Destroy … | |||
| CVE-2023-53484 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: lib: cpu_rmap: Avoid use after free on rmap->obj array entries When calling irq_set_affinity_notifier() with NULL at the notify a… | |||
| CVE-2023-53488 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the update counters work might be pen… | |||
| CVE-2023-53485 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-o… | |||
| CVE-2023-53491 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: start_kernel: Add __no_stack_protector function attribute Back during the discussion of commit a9a3ed1eff36 ("x86: Fix early boot… | |||
| CVE-2023-53493 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decode_message() Copy the bounds checking from encode_message() to decode_message(). This… | |||
| CVE-2023-53498 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null dereference The adev->dm.dc pointer can be NULL and dereferenced in amdgpu_dm_fini() without … | |||
| CVE-2023-53495 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in ethtool_get_rxnfc and the si… | |||
| CVE-2023-53023 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This… | |||
| CVE-2023-53548 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-… | |||
| CVE-2023-53551 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Add null pointer check in gserial_resume Consider a case where gserial_disconnect has already cleared gser… | |||
| CVE-2023-53554 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from the user. If … | |||
| CVE-2023-53560 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to hist_vars if they have referenced variables Hist triggers can have referenced variables wit… | |||
| CVE-2023-53557 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fprobe: Release rethook after the ftrace_ops is unregistered While running bpf selftests it's possible to get following fault: … | |||
| CVE-2023-52885 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the… | |||
| CVE-2023-53562 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix vram leak on bind errors Make sure to release the VRAM buffer also in a case a subcomponent fails to bind. Patchwor… | |||
| CVE-2023-53564 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent _… | |||
| CVE-2023-53565 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check for probe() id argument being NULL The probe() id argument may be NULL in 2 scenarios: 1. brcmf_pcie_pm_le… | |||
| CVE-2023-53567 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: qup: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case… | |||
| CVE-2023-52889 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets … | |||
| CVE-2023-53569 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise … | |||
| CVE-2023-53608 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race w… | |||
| CVE-2023-53610 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: irqchip: Fix refcount leak in platform_irqchip_probe of_irq_find_parent() returns a node pointer with refcount incremented, We sh… | |||
| CVE-2023-53614 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mm_struct teardown exit_mmap() will tear down the VMAs and maple tree with the mmap_lock … | |||
| CVE-2023-53616 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free … | |||
| CVE-2023-53617 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Add kfree for kstrdup Add kfree() in the later error handling in order to avoid memory leak. | |||
| CVE-2023-53618 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump [BUG] Syzbot reported a crash that an ASSERT() got triggered inside pr… | |||
| CVE-2023-53619 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free If nf_conntrack_init_start() fails (for example due to a register_n… | |||
| CVE-2023-53627 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw(… | |||
| CVE-2023-53622 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2_show_options() Some fields such as gt_logd_secs of the struct gfs2_tune are accessed withou… | |||
| CVE-2023-53676 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() i… | |||
| CVE-2023-53680 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number,… | |||
| CVE-2023-53681 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent In some specific situations, the return value of __bch… | |||
| CVE-2023-53682 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: hwmon: (xgene) Fix ioremap and memremap leak Smatch reports: drivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn: 'ctx->pcc… | |||
| CVE-2023-53683 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode… | |||
| CVE-2023-53684 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied o… | |||
| CVE-2023-53693 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix the memory leak in raw_gadget driver Currently, increasing raw_dev->count happens before invoke the raw_queue_ev… | |||
| CVE-2023-53694 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a j… | |||
| CVE-2023-53695 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked in… | |||
| CVE-2023-1289 | unknown | — | — | 3mo ago | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file … | |||
| CVE-2023-54164 | unknown | — | — | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operat… | |||
| CVE-2023-54130 | unknown | — | — | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit… | |||
| CVE-2023-38693 | unknown | — | — | 1y ago | Lucee RCE/XXE Vulnerability | |||
| CVE-2023-0482 | unknown | — | — | 1y ago | Insecure Temporary File in RESTEasy | |||
| CVE-2023-37940 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page | |||
| CVE-2023-1419 | unknown | — | — | 2y ago | Debezium database connector has a script injection vulnerability | |||
| CVE-2023-4639 | unknown | — | — | 2y ago | Undertow incorrectly parses cookies | |||
| CVE-2023-1932 | unknown | — | — | 2y ago | hibernate-validator Cross-site Scripting vulnerability | |||
| CVE-2023-1973 | unknown | — | — | 2y ago | Undertow Denial of Service vulnerability | |||
| CVE-2023-50780 | unknown | — | — | 2y ago | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | |||
| CVE-2023-25581 | unknown | — | — | 2y ago | pac4j-core affected by a Java deserialization vulnerability | |||
| CVE-2023-6841 | unknown | — | — | 2y ago | Keycloak Denial of Service vulnerability | |||
| CVE-2023-49198 | unknown | — | — | 2y ago | Apache SeaTunnel SQL Injection vulnerability | |||
| CVE-2023-45146 | unknown | — | — | 2y ago | XXL-RPC Deserialization of Untrusted Data vulnerability | |||
| CVE-2023-42809 | unknown | — | — | 2y ago | Redisson vulnerable to Deserialization of Untrusted Data | |||
| CVE-2023-28857 | unknown | — | — | 2y ago | Apereo CAS vulnerable to credential leaks for LDAP authentication | |||
| CVE-2023-48396 | unknown | — | — | 2y ago | Apache SeaTunnel Web Authentication vulnerability | |||
| CVE-2023-49921 | unknown | — | — | 2y ago | Elasticsearch Insertion of Sensitive Information into Log File | |||
| CVE-2023-48362 | unknown | — | — | 2y ago | XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill | |||
| CVE-2023-7272 | unknown | — | — | 2y ago | Eclipse Parsson stack overflow when parsing deeply nested input | |||
| CVE-2023-52291 | unknown | — | — | 2y ago | Apache StreamPark: Unchecked maven build params could trigger remote command execution | |||
| CVE-2023-49566 | unknown | — | — | 2y ago | Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability | |||
| CVE-2023-46801 | unknown | — | — | 2y ago | Apache Linkis DataSource remote code execution vulnerability | |||
| CVE-2023-41916 | unknown | — | — | 2y ago | Apache Linkis DataSource allows arbitrary file reading | |||
| CVE-2023-46442 | unknown | — | — | 2y ago | Soot Infinite Loop vulnerability | |||
| CVE-2023-35701 | unknown | — | — | 2y ago | Apache Hive Code Injection vulnerability | |||
| CVE-2023-0657 | unknown | — | — | 2y ago | Keycloak vulnerable to impersonation via logout token exchange | |||
| CVE-2023-6787 | unknown | — | — | 2y ago | Keycloak vulnerable to session hijacking via re-authentication | |||
| CVE-2023-6484 | unknown | — | — | 2y ago | Keycloak vulnerable to log Injection during WebAuthn authentication or registration | |||
| CVE-2023-6544 | unknown | — | — | 2y ago | Keycloak Authorization Bypass vulnerability | |||
| CVE-2023-6717 | unknown | — | — | 2y ago | Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow | |||
| CVE-2023-3597 | unknown | — | — | 2y ago | Keycloak secondary factor bypass in step-up authentication | |||
| CVE-2023-6236 | unknown | — | — | 2y ago | WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log | |||
| CVE-2023-5685 | unknown | — | — | 2y ago | XNIO denial of service vulnerability | |||
| CVE-2023-51445 | unknown | — | — | 2y ago | Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API | |||
| CVE-2023-51444 | unknown | — | — | 2y ago | Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API | |||
| CVE-2023-41877 | unknown | — | — | 2y ago | GeoServer log file path traversal vulnerability | |||
| CVE-2023-50740 | unknown | — | — | 2y ago | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged | |||
| CVE-2023-50378 | unknown | — | — | 2y ago | Apache Ambari: Various Cross site scripting problems | |||
| CVE-2023-51775 | unknown | — | — | 2y ago | jose4j denial of service via specifically crafted JWE | |||
| CVE-2023-45859 | unknown | — | — | 2y ago | Missing permission checks on Hazelcast client protocol | |||
| CVE-2023-50380 | unknown | — | — | 2y ago | Apache Ambari XML External Entity injection | |||
| CVE-2023-51747 | unknown | — | — | 2y ago | SMTP smuggling in Apache James | |||
| CVE-2023-51518 | unknown | — | — | 2y ago | Apache James server: Privilege escalation via JMX pre-authentication deserialization | |||
| CVE-2023-50379 | unknown | — | — | 2y ago | Apache Ambari: authenticated users could perform command injection to perform RCE | |||
| CVE-2023-47795 | unknown | — | — | 2y ago | Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | |||
| CVE-2023-42496 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-40191 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-42498 | unknown | — | — | 2y ago | Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting | |||
| CVE-2023-50270 | unknown | — | — | 2y ago | Session Fixation Apache DolphinScheduler | |||
| CVE-2023-49250 | unknown | — | — | 2y ago | Improper Certificate Validation in Apache DolphinScheduler | |||
| CVE-2023-51770 | unknown | — | — | 2y ago | Arbitrary File Read Vulnerability in Apache Dolphinscheduler | |||
| CVE-2023-49109 | unknown | — | — | 2y ago | Remote Code Execution in Apache Dolphinscheduler | |||
| CVE-2023-44308 | unknown | — | — | 2y ago | Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page | |||
| CVE-2023-5190 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page | |||
| CVE-2023-45860 | unknown | — | — | 2y ago | Hazelcast Platform permission checking in CSV File Source connector | |||
| CVE-2023-52428 | unknown | — | — | 2y ago | Denial of Service in Connect2id Nimbus JOSE+JWT | |||
| CVE-2023-50298 | unknown | — | — | 2y ago | Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds | |||
| CVE-2023-50291 | unknown | — | — | 2y ago | Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies |