VIR Vulnerability Intelligence Relay

CVEs from 2023

6,664 normalized CVEs published or assigned in this year.

Total
6,664
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • openstack_platform 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • registrationmagic 6
  • codeready_linux_builder_eus 6
  • cbot_panel 6

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2023-37920 medium 5.5 2y ago Moderate: fence-agents security update redhatrockylinuxsusedebian+1
CVE-2023-25433 medium 5.5 2y ago Moderate: libtiff security update rockylinuxdebian
CVE-2023-52458 medium 5.5 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, ther… redhatsuserockylinuxdebian+1
CVE-2023-45237 medium 5.5 2y ago Moderate: edk2 security update redhatrockylinuxdebiansuse
CVE-2023-31346 medium 5.5 2y ago Moderate: linux-firmware security update redhatrockylinuxsuse
CVE-2023-45236 medium 5.5 2y ago Moderate: edk2 security update redhatrockylinuxdebiansuse
CVE-2023-52598 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced pro… rockylinuxsusedebianalmalinux
CVE-2023-52607 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which… rockylinuxsusedebianalmalinux
CVE-2023-42755 medium 5.5 2y ago A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `r… rockylinuxsusedebianalmalinux
CVE-2023-43361 medium 5.5 2y ago Moderate: vorbis-tools security update susedebian
CVE-2023-1513 medium 5.5 2y ago A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, caus… rockylinuxsusedebian
CVE-2023-39192 medium 5.5 2y ago A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-… rockylinuxsusedebianalmalinux
CVE-2023-6240 medium 5.5 2y ago A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting… redhatrockylinuxsusedebian+1
CVE-2023-25775 medium 5.5 2y ago Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network acc… redhatrockylinuxsusedebian
CVE-2023-39189 medium 5.5 2y ago A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_N… redhatrockylinuxsusedebian
CVE-2023-51780 medium 5.5 2y ago An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. redhatrockylinuxsusedebian+1
CVE-2023-42754 medium 5.5 2y ago A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always t… redhatrockylinuxsusedebian+1
CVE-2023-6917 medium 5.5 2y ago Moderate: pcp security update redhatsusedebian
CVE-2023-52610 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, t… redhatrockylinuxsusedebian+1
CVE-2023-52580 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff patte… redhatrockylinuxsusedebian+1
CVE-2023-52578 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from mult… redhatrockylinuxsusedebian+1
CVE-2023-43789 medium 5.5 2y ago Moderate: motif security update redhatrockylinuxsusedebian
CVE-2023-24023 medium 5.5 2y ago Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key lengt… redhatrockylinuxsusedebian
CVE-2023-45863 medium 5.5 2y ago An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. redhatrockylinuxsusedebian+1
CVE-2023-41360 medium 5.5 2y ago Moderate: frr security update redhatdebiansuse
CVE-2023-5380 medium 5.5 2y ago Moderate: xorg-x11-server security update redhatsusedebian
CVE-2023-3618 medium 5.5 2y ago Moderate: libtiff security update redhatsusedebian
CVE-2023-51779 medium 5.5 2y ago bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. redhatrockylinuxsusedebian+1
CVE-2023-45802 medium 5.5 2y ago Moderate: mod_http2 security update debianredhatrockylinuxsuse
CVE-2023-1579 medium 5.5 2y ago Moderate: mingw components security update redhatdebiansuserockylinux
CVE-2023-40569 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-46753 medium 5.5 2y ago Moderate: frr security update redhatrockylinuxdebiansuse
CVE-2023-6228 medium 5.5 2y ago Moderate: libtiff security update redhatrockylinuxsusedebian
CVE-2023-4692 medium 5.5 2y ago Moderate: grub2 security update redhatrockylinuxsusedebian
CVE-2023-6622 medium 5.5 2y ago A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user p… redhatrockylinuxsusedebian+1
CVE-2023-6915 medium 5.5 2y ago A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing ch… redhatrockylinuxsusedebian+1
CVE-2023-29406 medium 5.5 2y ago Moderate: container-tools:rhel8 security and bug fix update rockylinuxredhatsusedebian+1
CVE-2023-6710 medium 5.5 2y ago Moderate: mod_jk and mod_proxy_cluster security update redhat
CVE-2023-38469 medium 5.5 2y ago Moderate: avahi security update debianredhatrockylinuxsuse
CVE-2023-53297 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, … redhatrockylinuxsusedebian
CVE-2023-4875 medium 5.5 2y ago Moderate: mutt security update redhatrockylinuxsusedebian
CVE-2023-31122 medium 5.5 2y ago Moderate: httpd security update debianredhatrockylinuxsuse
CVE-2023-38473 medium 5.5 2y ago Moderate: avahi security update debianredhatrockylinuxsuse
CVE-2023-40567 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-39354 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-39353 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-6683 medium 5.5 2y ago Moderate: qemu-kvm security update redhatrockylinuxsusedebian
CVE-2023-3567 medium 5.5 2y ago A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak int… redhatrockylinuxsusedebian
CVE-2023-40474 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhatrockylinuxsusedebian
CVE-2023-53539 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxe_requester If a send packet is dropped by the IP layer in rxe_requester() the call to r… rockylinuxredhatsusedebian
CVE-2023-52448 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd-… redhatrockylinuxsusedebian+1
CVE-2023-39351 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-31083 medium 5.5 2y ago An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is s… redhatrockylinuxsusedebian
CVE-2023-43786 medium 5.5 2y ago Moderate: libX11 security update redhatrockylinuxsusedebian
CVE-2023-42467 medium 5.5 2y ago Moderate: qemu-kvm security update redhatsuserockylinuxdebian
CVE-2023-39356 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-52489 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory … redhatrockylinuxsusedebian+1
CVE-2023-3758 medium 5.5 2y ago Moderate: sssd security and bug fix update redhatrockylinuxsusedebian
CVE-2023-49083 medium 5.5 2y ago Moderate: python-cryptography security update redhatrockylinuxsusedebian+1
CVE-2023-5088 medium 5.5 2y ago Moderate: qemu-kvm security update redhatrockylinuxsusedebian
CVE-2023-40475 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhatrockylinuxsusedebian
CVE-2023-53513 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg without verification. The UBSAN … rockylinuxredhatsusedebian
CVE-2023-45287 medium 5.5 2y ago Moderate: runc security update redhatdebiangolang
CVE-2023-31490 medium 5.5 2y ago Moderate: frr security update redhatrockylinuxdebiansuse
CVE-2023-6176 medium 5.5 2y ago A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific … redhatrockylinuxsusedebian+1
CVE-2023-45897 medium 5.5 2y ago Moderate: exfatprogs security update redhatdebiansuserockylinux
CVE-2023-40186 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-38470 medium 5.5 2y ago Moderate: avahi security update debianredhatrockylinuxsuse
CVE-2023-41081 medium 5.5 2y ago Moderate: mod_jk and mod_proxy_cluster security update redhatsusedebian
CVE-2023-31489 medium 5.5 2y ago Moderate: frr security update redhatdebiansuse
CVE-2023-28464 medium 5.5 2y ago hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a doub… redhatrockylinuxsusedebian
CVE-2023-53762 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is de… rockylinuxredhatsusedebian
CVE-2023-4693 medium 5.5 2y ago Moderate: grub2 security update redhatrockylinuxsusedebian
CVE-2023-4133 medium 5.5 2y ago A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work … redhatrockylinuxsusedebian+1
CVE-2023-37328 medium 5.5 2y ago Moderate: gstreamer1-plugins-base security update redhatdebiansuserockylinux
CVE-2023-5215 medium 5.5 2y ago Moderate: libnbd security update redhatsusedebian
CVE-2023-3255 medium 5.5 2y ago Moderate: qemu-kvm security update redhatrockylinuxsusedebian
CVE-2023-39198 medium 5.5 2y ago A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the … redhatrockylinuxsusedebian+1
CVE-2023-43622 medium 5.5 2y ago Moderate: mod_http2 security update debianredhatsuse
CVE-2023-39352 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-51714 medium 5.5 2y ago Moderate: qt5-qtbase security update redhatsusedebian
CVE-2023-43788 medium 5.5 2y ago Moderate: libXpm security update redhatrockylinuxsusedebian
CVE-2023-39193 medium 5.5 2y ago A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an ou… redhatrockylinuxsusedebian+1
CVE-2023-46316 medium 5.5 2y ago Moderate: traceroute security update redhatrockylinuxsusedebian
CVE-2023-52434 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb… redhatrockylinuxsusedebian+1
CVE-2023-46752 medium 5.5 2y ago Moderate: frr security update redhatrockylinuxdebiansuse
CVE-2023-5871 medium 5.5 2y ago Moderate: libnbd security update redhatsusedebian
CVE-2023-37453 medium 5.5 2y ago An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. redhatrockylinuxsusedebian
CVE-2023-38471 medium 5.5 2y ago Moderate: avahi security update debianredhatrockylinuxsuse
CVE-2023-52581 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switc… redhatrockylinuxsusedebian+1
CVE-2023-52323 medium 5.5 2y ago Moderate: fence-agents security and bug fix update redhatrockylinuxsusedebian+1
CVE-2023-40188 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-7008 medium 5.5 2y ago Moderate: systemd security update redhatrockylinuxsusedebian
CVE-2023-41359 medium 5.5 2y ago Moderate: frr security update redhatdebiansuse
CVE-2023-40476 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhatrockylinuxsusedebian
CVE-2023-37327 medium 5.5 2y ago Moderate: gstreamer1-plugins-good security update redhatsusedebian
CVE-2023-43787 medium 5.5 2y ago Moderate: libX11 security update redhatrockylinuxsusedebian
CVE-2023-47038 medium 5.5 2y ago Moderate: perl security update redhatsuserockylinuxdebian
CVE-2023-52574 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel N… redhatrockylinuxsusedebian+1
CVE-2023-41909 medium 5.5 2y ago Moderate: frr security update redhatrockylinuxdebiansuse