CVEs from 2023

6,208 normalized CVEs published or assigned in 2023.

Total: 6,208
Critical: 239
High: 1,497
Medium: 1,400
Low: 30
% Critical: 3.8%
% with KEV: 2.6%
% with exploit: 3.4%

The four severity counts sum to 3,166; the remaining 3,042 entries carry no severity rating on this page (listed as "unknown" in the table below).

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • ftmg-esr50sxx 8
  • ftmg-esn40sxx 8
  • ftmg-esd25axx 8
  • ftmg-esr40sxx 8
  • ftmg-esd15axx 8
CVE  Severity  Published  Description
CVE-2023-38286 unknown 3y ago Spring-boot-admin sandbox bypass via crafted HTML
CVE-2023-3635 unknown 3y ago Okio Signed to Unsigned Conversion Error vulnerability
CVE-2023-37962 unknown 3y ago Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery
CVE-2023-37958 unknown 3y ago Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery
CVE-2023-37964 unknown 3y ago Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery
CVE-2023-37961 unknown 3y ago Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
CVE-2023-37959 unknown 3y ago Jenkins Sumologic Publisher Plugin missing permission check
CVE-2023-37963 unknown 3y ago Jenkins Benchmark Evaluator Plugin missing permission check
CVE-2023-37965 unknown 3y ago Jenkins ElasticBox CI Plugin missing permission check
CVE-2023-37960 unknown 3y ago Jenkins MathWorks Polyspace Plugin vulnerable to arbitrary file read
CVE-2023-37951 unknown 3y ago Jenkins mabl Plugin vulnerable to exposure of system-scoped credentials
CVE-2023-37957 unknown 3y ago Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery
CVE-2023-37949 unknown 3y ago Jenkins Orka by MacStadium Plugin missing permission check
CVE-2023-37947 unknown 3y ago Jenkins OpenShift Login Plugin vulnerable to Open Redirect
CVE-2023-37955 unknown 3y ago Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery
CVE-2023-37952 unknown 3y ago Jenkins mabl Plugin vulnerable to cross-site request forgery
CVE-2023-37945 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin missing permission check
CVE-2023-37943 unknown 3y ago Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
CVE-2023-37944 unknown 3y ago Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint.
CVE-2023-37946 unknown 3y ago Jenkins OpenShift Login Plugin session fixation vulnerability
CVE-2023-37956 unknown 3y ago Jenkins Test Results Aggregator Plugin missing permission check
CVE-2023-37942 unknown 3y ago Jenkins External Monitor Job Type Plugin XML external entity vulnerability
CVE-2023-37948 unknown 3y ago Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
CVE-2023-37954 unknown 3y ago Jenkins Rebuilder Plugin vulnerable to Cross Site Request Forgery
CVE-2023-37953 unknown 3y ago Jenkins mabl Plugin missing permission check
CVE-2023-30429 unknown 3y ago Apache Pulsar Incorrect Authorization vulnerability
CVE-2023-37579 unknown 3y ago Apache Pulsar Function Worker Incorrect Authorization vulnerability
CVE-2023-37582 unknown 3y ago RocketMQ NameServer component Code Injection vulnerability
CVE-2023-30428 unknown 3y ago Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
CVE-2023-31007 unknown 3y ago Apache Pulsar Broker Improper Authentication vulnerability
CVE-2023-32200 unknown 3y ago Apache Jena Expression Language Injection vulnerability
CVE-2023-37277 unknown 3y ago XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
CVE-2023-34442 unknown 3y ago Apache Camel information exposure vulnerability
CVE-2023-35887 unknown 3y ago Apache MINA SSHD information disclosure vulnerability
CVE-2023-33008 unknown 3y ago Apache Johnzon Deserialization of Untrusted Data vulnerability
CVE-2023-30601 unknown 3y ago Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
CVE-2023-29824 unknown 3y ago A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
CVE-2023-31454 unknown 3y ago Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
CVE-2023-31066 unknown 3y ago Apache InLong has Files or Directories Accessible to External Parties in Apache InLong
CVE-2023-31098 unknown 3y ago Apache InLong has Weak Password Requirements in Apache InLong
CVE-2023-31065 unknown 3y ago Apache InLong Insufficient Session Expiration vulnerability
CVE-2023-31058 unknown 3y ago Apache InLong Deserialization of Untrusted Data Vulnerability
CVE-2023-31062 unknown 3y ago Apache InLong Improper Privilege Management vulnerability
CVE-2023-31103 unknown 3y ago Apache InLong Exposure of Resource to Wrong Sphere vulnerability
CVE-2023-31064 unknown 3y ago Apache InLong has Files or Directories Accessible to External Parties
CVE-2023-31453 unknown 3y ago Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability
CVE-2023-31206 unknown 3y ago Apache InLong Exposure of Resource to Wrong Sphere vulnerability
CVE-2023-28936 unknown 3y ago Apache OpenMeetings insufficient authorization vulnerability
CVE-2023-41044 unknown 3y ago Graylog server has partial path traversal vulnerability in Support Bundle feature
CVE-2023-41045 unknown 3y ago Graylog vulnerable to insecure source port usage for DNS queries
CVE-2023-41041 unknown 3y ago Graylog user session is still usable after logout
CVE-2023-30465 unknown 3y ago Apache InLong SQL Injection vulnerability
CVE-2023-27603 unknown 3y ago Apache Linkis Zip Slip issue
CVE-2023-26119 unknown 3y ago HtmlUnit Code Injection vulnerability
CVE-2023-27987 unknown 3y ago Apache Linkis Authentication Bypass vulnerability
CVE-2023-27602 unknown 3y ago Apache Linkis Unrestricted File Upload vulnerability
CVE-2023-28685 unknown 3y ago Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
CVE-2023-32732 unknown 3y ago gRPC connection termination issue
CVE-2023-25399 unknown 3y ago A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not …
CVE-2023-34150 unknown 3y ago Apache Any23 vulnerable to excessive memory usage
CVE-2023-33201 unknown 3y ago Bouncy Castle For Java LDAP injection vulnerability
CVE-2023-2974 unknown 3y ago quarkus-core vulnerable to client driven TLS cipher downgrading
CVE-2023-36468 unknown 3y ago Upgrading doesn't prevent exploiting vulnerable XWiki documents
CVE-2023-36469 unknown 3y ago XWiki Platform vulnerable to Code injection through NotificationRSSService
CVE-2023-36470 unknown 3y ago XWiki Platform vulnerable to Code Injection in icon themes
CVE-2023-36471 unknown 3y ago org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
CVE-2023-36477 unknown 3y ago XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages
CVE-2023-2422 unknown 3y ago Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
CVE-2023-1664 unknown 3y ago Keycloak Untrusted Certificate Validation vulnerability
CVE-2023-2585 unknown 3y ago Client Spoofing within the Keycloak Device Authorisation Grant
CVE-2023-3432 unknown 3y ago PlantUML Server-Side Request Forgery vulnerability
CVE-2023-3431 unknown 3y ago PlantUML Improper Access Control vulnerability
CVE-2023-31469 unknown 3y ago Apache StreamPipes Improper Privilege Management vulnerability
CVE-2023-25499 unknown 3y ago Vaadin vulnerable to possible information disclosure in non visible components.
CVE-2023-25500 unknown 3y ago Vaadin vulnerable to possible information disclosure of class and method names in RPC response
CVE-2023-35925 unknown 3y ago FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
CVE-2023-35161 unknown 3y ago XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
CVE-2023-35160 unknown 3y ago XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
CVE-2023-35159 unknown 3y ago XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
CVE-2023-35158 unknown 3y ago XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
CVE-2023-35157 unknown 3y ago XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
CVE-2023-35156 unknown 3y ago XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
CVE-2023-33725 unknown 3y ago Broadleaf vulnerable to Cross-site Scripting
CVE-2023-34981 unknown 3y ago A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS message would be sent for th…
CVE-2023-34340 unknown 3y ago Apache Accumulo Improper Authentication vulnerability
CVE-2023-35166 unknown 3y ago XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
CVE-2023-35162 unknown 3y ago XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template
CVE-2023-35155 unknown 3y ago XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
CVE-2023-35153 unknown 3y ago XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
CVE-2023-35152 unknown 3y ago XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
CVE-2023-35151 unknown 3y ago XWiki Platform may show email addresses in clear in REST results
CVE-2023-35150 unknown 3y ago XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
CVE-2023-34467 unknown 3y ago XWiki Platform may retrieve email addresses of all users
CVE-2023-34466 unknown 3y ago XWiki Platform's tags on non-viewable pages can be revealed to users
CVE-2023-34465 unknown 3y ago XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
CVE-2023-34464 unknown 3y ago XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
CVE-2023-34462 unknown 3y ago netty-handler SniHandler 16MB allocation
CVE-2023-3315 unknown 3y ago Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation
CVE-2023-34602 unknown 3y ago JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode
CVE-2023-34603 unknown 3y ago JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo