CVEs from 2023

8,275 normalized CVEs published or assigned in this year.

  • Total 8,275
  • critical 222
  • high 1,548
  • medium 1,277
  • low 23
  • % Critical 2.7%
  • % with KEV 2.0%
  • % with exploit 2.0%

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • openstack_platform 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • registrationmagic 6
  • codeready_linux_builder_eus 6
  • cbot_panel 6
CVE Severity CVSS Risk Published Description Impact
CVE-2023-46822 medium 6.1 6.1 3y ago Unauth. Reflected Cross-Site Scripting vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions.
CVE-2023-45630 medium 6.1 6.1 3y ago Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.
CVE-2023-4663 medium 6.1 6.1 3y ago Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9. adobe
CVE-2023-4676 medium 6.1 6.1 3y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS. This issue affects MedasPro: before 28.
CVE-2023-40205 medium 6.1 6.1 3y ago Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgrade PixTypes plugin <= 1.4.15 versions.
CVE-2023-25466 medium 6.1 6.1 3y ago Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions.
CVE-2023-3652 medium 6.1 6.1 3y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: be…
CVE-2023-36385 medium 6.1 6.1 3y ago Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.
CVE-2023-2960 medium 6.1 6.1 3y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva …
CVE-2023-2853 medium 6.1 6.1 3y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS. This issue affects SelfPatron: before 2.0.
CVE-2023-1766 medium 6.1 6.1 3y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS. This issue affects Panon: before 1.0.2.
CVE-2023-26001 medium 5.9 5.9 1y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: f…
CVE-2023-26000 medium 5.9 5.9 1y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0…
CVE-2023-6237 medium 5.9 5.9 2y ago Low: openssl and openssl-fips-provider security update redhat, suse, rockylinux, debian
CVE-2023-4806 medium 5.9 5.9 2y ago Important: glibc security update redhat, rockylinux, suse, debian, +1
CVE-2023-25965 medium 5.9 5.9 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume. This issue affects Upload Resume: from n/a through 1.2.0.
CVE-2023-48795 medium 5.9 5.9 3y ago The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from… redhat, rockylinux, debian, suse, +8
CVE-2023-40403 medium 5.5 2mo ago Moderate: libxslt security update redhat, rockylinux, suse, debian
CVE-2023-53034 medium 5.5 3mo ago Moderate: kernel security update redhat, suse, rockylinux, debian
CVE-2023-54318 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add While doing smcr_port_add, there maybe linkg… redhat, suse, debian
CVE-2023-52355 medium 5.5 7mo ago An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of servic… redhat, suse, debian
CVE-2023-54119 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: inotify: Avoid reporting event with invalid wd When inotify_freeing_mark() races with inotify_handle_inode_event() it can happen … redhat, suse, debian
CVE-2023-53426 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xsk_diag use-after-free error during socket cleanup Fix a use-after-free error that is possible if the xsk_diag interfac… redhat, suse, debian
CVE-2023-53781 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in… redhat, suse, debian
CVE-2023-54237 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() There is a certain chance to trigger the following panic:… redhat, suse, debian
CVE-2023-54152 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939_sk_errqueue() This commit addresses a deadlock situation that can occur in certain s… redhat, suse, debian
CVE-2023-52941 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions:… redhat, suse, debian
CVE-2023-53226 medium 5.5 7mo ago Moderate: kernel-rt security update suse, debian
CVE-2023-53494 medium 5.5 7mo ago Moderate: kernel security update redhat, suse, debian
CVE-2023-53257 medium 5.5 7mo ago Moderate: kernel-rt security update suse, debian
CVE-2023-53386 medium 5.5 7mo ago Moderate: kernel-rt security update rockylinux, suse, debian
CVE-2023-53331 medium 5.5 7mo ago In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), … redhat, suse, rockylinux, debian
CVE-2023-53305 medium 5.5 8mo ago Moderate: kernel-rt security update rockylinux, suse, debian
CVE-2023-53373 medium 5.5 8mo ago Moderate: kernel security update redhat, rockylinux, suse, debian
CVE-2023-53125 medium 5.5 8mo ago Moderate: kernel security update redhat, suse, debian
CVE-2023-52933 medium 5.5 11mo ago Moderate: kernel security update redhat, suse, debian
CVE-2023-24824 medium 5.5 1y ago Moderate: pandoc security update rockylinux, debian
CVE-2023-53654 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac with the addition of new MAC blocks like CN10K RPM and CN10KB RPM_USX,… redhat, suse, debian
CVE-2023-53261 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: coresight: Fix memory leak in acpi_buffer->pointer There are memory leaks reported by kmemleak: ... unreferenced object 0xffff002… redhat, suse, debian
CVE-2023-52917 medium 5.5 1y ago RHSA-2025:6966: kernel security update (Moderate) redhat, suse
CVE-2023-46751 medium 5.5 1y ago Moderate: ghostscript security update redhat, rockylinux, debian, suse
CVE-2023-54313 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovl_get_acl_rcu() Following process: P1 P2 path_openat link_… redhat, suse, debian
CVE-2023-53989 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both create_mapping_noalloc() and update_mapping_prot() sanity-check their 'virt' parameter,… redhat, suse, debian
CVE-2023-54089 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: add the missing REQ_OP_WRITE for flush bio When doing mkfs.xfs on a pmem device, the following warning was -------… redhat, suse, debian
CVE-2023-53196 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix potential memory leak Function dwc3_qcom_probe() allocates memory for resource structure which is pointed by… redhat, suse, debian
CVE-2023-53066 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is va… redhat, suse, debian
CVE-2023-53287 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Put the cdns set active part outside the spin lock The device may be scheduled during the resume process, so this can… redhat, suse, debian
CVE-2023-53519 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver. Adding lock … redhat, suse, debian
CVE-2023-53859 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: s390/idle: mark arch_cpu_idle() noinstr linux-next commit ("cpuidle: tracing: Warn about !rcu_is_watching()") adds a new warning … redhat, suse, debian
CVE-2023-54230 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: amba: bus: fix refcount leak commit 5de1540b7bc4 ("drivers/amba: create devices from device tree") increases the refcount of of_n… redhat, suse, debian
CVE-2023-53555 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damo_filter->list from damos_new_filter() damos_new_filter() is not initializing the list field of newl… redhat, suse, debian
CVE-2023-52672 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression wa… redhat, suse, debian
CVE-2023-53510 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp->cmd ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is… redhat, suse, debian
CVE-2023-54278 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the k… redhat, suse, debian
CVE-2023-54117 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with list_add corruption Commit fb08a1908cb1 ("dax: simplify the dax_device <-> gendisk associatio… redhat, suse, debian
CVE-2023-54322 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default filter_irq_stacks() is supposed to cut entries which are related i… redhat, suse, debian
CVE-2023-53117 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369 redhat, suse, debian
CVE-2023-53595 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL pointer dereferences When system is rebooted after creating macsec interface below NULL pointer deref… redhat, suse, debian
CVE-2023-53260 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovl_permission() Following process: P1 P2 path_lookupat lin… redhat, suse, debian
CVE-2023-53568 medium 5.5 1y ago In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if dev_set_name() fails When dev_set_name() fails, zcdn_create() doesn't free the newly allocated … redhat, suse, debian
CVE-2023-6693 medium 5.5 1y ago A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_V… redhat, rockylinux, suse, debian
CVE-2023-52490 medium 5.5 1y ago Moderate: kernel security update redhat, suse, debian
CVE-2023-41053 medium 5.5 2y ago Moderate: redis:7 security update redhat, suse, debian
CVE-2023-52935 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Pa… redhat, suse, debian
CVE-2023-52757 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no… redhat, suse, debian
CVE-2023-52731 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the d… redhat, suse, debian
CVE-2023-54227 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to… redhat, suse, debian
CVE-2023-53752 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmalloc_reserve() Blamed commit changed: ptr = kmalloc(size); if (ptr) size = k… redhat, suse, debian
CVE-2023-52473 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_… redhat, suse, debian
CVE-2023-54136 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak. redhat, suse, debian
CVE-2023-52932 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: add cond_resched() in get_swap_pages() The softlockup still occurs in get_swap_pages() under memory pressure. 64 CP… redhat, suse, debian
CVE-2023-52859 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allo… redhat, suse, debian
CVE-2023-52831 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, th… redhat, suse, debian
CVE-2023-52814 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, s… redhat, suse, debian
CVE-2023-54019 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroup_file_release causes UAF issues w… redhat, suse, debian
CVE-2023-53401 medium 5.5 2y ago Moderate: kernel-rt security update rockylinux, redhat, suse, debian
CVE-2023-52680 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not check… redhat, suse, debian
CVE-2023-52625 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface [Why] We can hang in place trying to send commands when the DMCUB isn't… redhat, suse, debian
CVE-2023-6681 medium 5.5 2y ago Moderate: python-jwcrypto security update redhat, rockylinux, suse, debian, +1
CVE-2023-52498 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume… redhat, suse, debian
CVE-2023-52696 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory w… redhat, suse, debian
CVE-2023-52758 medium 5.5 2y ago RHSA-2024:9315: kernel security update (Moderate) redhat, suse
CVE-2023-54268 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep warning in fill_pool() because the allocation f… redhat, suse, debian
CVE-2023-52528 medium 5.5 2y ago Moderate: kernel update redhat, rockylinux, suse, debian
CVE-2023-52565 medium 5.5 2y ago Moderate: kernel update redhat, rockylinux, suse, debian
CVE-2023-52477 medium 5.5 2y ago Moderate: kernel update redhat, rockylinux, suse, debian
CVE-2023-53173 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: pcn_uart: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it… redhat, suse, debian
CVE-2023-53176 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the gene… redhat, suse, debian
CVE-2023-53662 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} If the filename casefolding fails, we'll be leaking memory f… redhat, suse, debian
CVE-2023-52676 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the … redhat, suse, debian
CVE-2023-52674 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and S… redhat, suse, debian
CVE-2023-52788 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fix NULL deref bugs with drm_dbg() calls When i915 perf interface is not available dereferencing it will lead to NULL … redhat, suse, debian
CVE-2023-52837 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_di… redhat, suse, debian
CVE-2023-53572 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use list_for_each_entr… redhat, suse, debian
CVE-2023-53531 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: null_blk: fix poll request timeout handling When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel if poll r… redhat, suse, debian
CVE-2023-53702 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 ("crypto: s390 - add crypto library inter… redhat, suse, debian
CVE-2023-53719 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() w… redhat, suse, debian
CVE-2023-53744 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(… redhat, suse, debian
CVE-2023-53858 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error If clk_get_rate() fails, the clk that has… redhat, suse, debian
CVE-2023-54301 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: 8250_bcm7271: fix leak in `brcmuart_probe` Smatch reports: drivers/tty/serial/8250/8250_bcm7271.c:1120 brcmuart_probe() w… redhat, suse, debian