CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2023-7024	High	2.7%	GoogleChromium WebRTC	Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.	Jan 2, 2024	KEV
CVE-2023-7101	High	83.3%	Spreadsheet::ParseExcelSpreadsheet::ParseExcel	Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.	Jan 2, 2024	KEV
CVE-2023-49897	High	33.6%	FXCAE1021, AE1021PE	FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.	Dec 21, 2023	KEV
CVE-2023-47565	High	85.9%	QNAPVioStor NVR	QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.	Dec 21, 2023	KEV
CVE-2023-6448	High	13.3%	UnitronicsVision PLC and HMI	Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.	Dec 11, 2023	KEV
CVE-2023-41265	High	92.5%	QlikSense	Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.	Dec 7, 2023	KEV
CVE-2023-41266	High	94.3%	QlikSense	Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.	Dec 7, 2023	KEV
CVE-2023-33063	High	0.4%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP.	Dec 5, 2023	KEV
CVE-2023-33106	High	0.2%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.	Dec 5, 2023	KEV
CVE-2022-22071	High	0.6%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.	Dec 5, 2023	KEV
CVE-2023-33107	High	0.2%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.	Dec 5, 2023	KEV
CVE-2023-42917	High	0.1%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Dec 4, 2023	KEV
CVE-2023-42916	High	0.0%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Dec 4, 2023	KEV
CVE-2023-49103	High	94.3%	ownCloudownCloud graphapi	ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.	Nov 30, 2023	KEV
CVE-2023-6345	High	1.5%	GoogleChromium Skia	Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.	Nov 30, 2023	KEV
CVE-2023-4911	High	59.5%	GNUGNU C Library	GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.	Nov 21, 2023	KEV
CVE-2023-1671	High	94.3%	SophosWeb Appliance	Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.	Nov 16, 2023	KEV
CVE-2023-36584	High	15.4%	MicrosoftWindows	Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.	Nov 16, 2023	KEV
CVE-2020-2551	High	94.4%	OracleFusion Middleware	Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.	Nov 16, 2023	KEV
CVE-2023-36033	High	0.9%	MicrosoftWindows	Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.	Nov 14, 2023	KEV

CVE-2023-7024KEV

High

Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

GoogleEPSS 2.7%

CVE-2023-7101KEV

High

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

Spreadsheet::ParseExcelEPSS 83.3%

CVE-2023-49897KEV

High

FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.

FXCEPSS 33.6%

CVE-2023-47565KEV

High

QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.

QNAPEPSS 85.9%

CVE-2023-6448KEV

High

Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.

UnitronicsEPSS 13.3%

CVE-2023-41265KEV

High

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

QlikEPSS 92.5%

CVE-2023-41266KEV

High

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

QlikEPSS 94.3%

CVE-2023-33063KEV

High

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP.

QualcommEPSS 0.4%

CVE-2023-33106KEV

High

Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

QualcommEPSS 0.2%

CVE-2022-22071KEV

High

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.

QualcommEPSS 0.6%

CVE-2023-33107KEV

High

Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

QualcommEPSS 0.2%

CVE-2023-42917KEV

High

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.1%

CVE-2023-42916KEV

High

Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.0%

CVE-2023-49103KEV

High

ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.

ownCloudEPSS 94.3%

CVE-2023-6345KEV

High

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

GoogleEPSS 1.5%

CVE-2023-4911KEV

High

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

GNUEPSS 59.5%

CVE-2023-1671KEV

High

Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

SophosEPSS 94.3%

CVE-2023-36584KEV

High

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

MicrosoftEPSS 15.4%

CVE-2020-2551KEV

High

Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.

OracleEPSS 94.4%

CVE-2023-36033KEV

High

Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 0.9%

57 58 59 60 61 62 63