CVEs from 2023

6,975 normalized CVEs published or assigned in this year.

  • Total: 6,975
  • Critical: 222
  • High: 1,548
  • Medium: 1,277
  • Low: 23
  • % Critical: 3.2%
  • % with KEV: 2.3%
  • % with exploit: 2.4%

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • openstack_platform 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • registrationmagic 6
  • codeready_linux_builder_eus 6
  • cbot_panel 6
CVE Severity CVSS Risk Published Description Impact
CVE-2023-53744 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(… redhat, suse, debian
CVE-2023-53752 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmalloc_reserve() Blamed commit changed: ptr = kmalloc(size); if (ptr) size = k… redhat, suse, debian
CVE-2023-53731 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible deadlock in netlink_set_err() [1] A similar issu… redhat, suse, debian
CVE-2023-53704 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() Replace of_iomap() and kzalloc() with devm_of_iomap() and d… redhat, suse, debian
CVE-2023-53697 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() Memory pointed by 'nd_pmu->pmu.attr_groups' is allocated in fun… redhat, suse, debian
CVE-2023-53483 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup() devm_kzalloc() may fail, clk_data->name might be NUL… redhat, suse, debian
CVE-2023-54066 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer In gl861_i2c_master_xfer, msg is controlled by user. When m… redhat, suse, debian
CVE-2023-54019 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroup_file_release causes UAF issues w… redhat, suse, debian
CVE-2023-52920 medium 5.5 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instruction… suse, debian, linux
CVE-2023-54153 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsisten… redhat, suse, debian
CVE-2023-48161 medium 5.5 2y ago Moderate: java-21-openjdk security update redhat, rockylinux, debian, suse
CVE-2023-22655 medium 5.5 2y ago Moderate: microcode_ctl security update redhat, suse, debian, rockylinux
CVE-2023-46103 medium 5.5 2y ago Moderate: microcode_ctl security update almalinux, redhat, suse, debian +1
CVE-2023-45733 medium 5.5 2y ago Moderate: microcode_ctl security update almalinux, redhat, suse, debian +1
CVE-2023-43490 medium 5.5 2y ago Moderate: microcode_ctl security update redhat, almalinux, suse, debian +1
CVE-2023-39368 medium 5.5 2y ago Moderate: microcode_ctl security update almalinux, redhat, suse, debian +1
CVE-2023-38575 medium 5.5 2y ago Moderate: microcode_ctl security update almalinux, redhat, suse, debian +1
CVE-2023-20584 medium 5.5 2y ago Moderate: linux-firmware security update debian, redhat, rockylinux, suse
CVE-2023-31356 medium 5.5 2y ago Moderate: linux-firmware security update debian, redhat, rockylinux, suse
CVE-2023-52439 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_devic… redhat, rockylinux, suse, debian
CVE-2023-52801 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled… redhat, suse, rockylinux, debian
CVE-2023-6349 medium 5.5 2y ago Moderate: libvpx security update rockylinux, suse, debian
CVE-2023-37920 medium 5.5 2y ago Moderate: fence-agents security update redhat, rockylinux, suse, debian +1
CVE-2023-25433 medium 5.5 2y ago Moderate: libtiff security update rockylinux, debian
CVE-2023-52458 medium 5.5 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, ther… redhat, suse, rockylinux, debian +1
CVE-2023-45237 medium 5.5 2y ago Moderate: edk2 security update redhat, rockylinux, debian, suse
CVE-2023-31346 medium 5.5 2y ago Moderate: linux-firmware security update redhat, rockylinux, suse
CVE-2023-45236 medium 5.5 2y ago Moderate: edk2 security update redhat, rockylinux, debian, suse
CVE-2023-52598 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced pro… rockylinux, suse, debian, almalinux
CVE-2023-52607 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which… rockylinux, suse, debian, almalinux
CVE-2023-39192 medium 5.5 2y ago A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-… rockylinux, suse, debian, almalinux
CVE-2023-42755 medium 5.5 2y ago A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `r… rockylinux, suse, debian, almalinux
CVE-2023-43361 medium 5.5 2y ago Moderate: vorbis-tools security update suse, debian
CVE-2023-1513 medium 5.5 2y ago A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, caus… rockylinux, suse, debian
CVE-2023-6240 medium 5.5 2y ago A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting… redhat, rockylinux, suse, debian +1
CVE-2023-4133 medium 5.5 2y ago A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work … redhat, rockylinux, suse, debian +1
CVE-2023-39198 medium 5.5 2y ago A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the … redhat, rockylinux, suse, debian +1
CVE-2023-42754 medium 5.5 2y ago A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always t… redhat, rockylinux, suse, debian +1
CVE-2023-37453 medium 5.5 2y ago An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. redhat, rockylinux, suse, debian
CVE-2023-40188 medium 5.5 2y ago Moderate: freerdp security update redhat, debian, suse
CVE-2023-3567 medium 5.5 2y ago A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak int… redhat, rockylinux, suse, debian
CVE-2023-45863 medium 5.5 2y ago An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. redhat, rockylinux, suse, debian +1
CVE-2023-28464 medium 5.5 2y ago hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a doub… redhat, rockylinux, suse, debian
CVE-2023-38470 medium 5.5 2y ago Moderate: avahi security update debian, redhat, rockylinux, suse
CVE-2023-43786 medium 5.5 2y ago Moderate: libX11 security update redhat, rockylinux, suse, debian
CVE-2023-52448 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd-… redhat, rockylinux, suse, debian +1
CVE-2023-53762 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is de… rockylinux, redhat, suse, debian
CVE-2023-4874 medium 5.5 2y ago Moderate: mutt security update redhat, rockylinux, suse, debian
CVE-2023-5215 medium 5.5 2y ago Moderate: libnbd security update redhat, suse, debian
CVE-2023-39356 medium 5.5 2y ago Moderate: freerdp security update redhat, debian, suse
CVE-2023-46752 medium 5.5 2y ago Moderate: frr security update redhat, rockylinux, debian, suse
CVE-2023-6176 medium 5.5 2y ago A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific … redhat, rockylinux, suse, debian +1
CVE-2023-5088 medium 5.5 2y ago Moderate: qemu-kvm security update redhat, rockylinux, suse, debian
CVE-2023-52489 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory … redhat, rockylinux, suse, debian +1
CVE-2023-45897 medium 5.5 2y ago Moderate: exfatprogs security update redhat, debian, suse, rockylinux
CVE-2023-45287 medium 5.5 2y ago Moderate: runc security update redhat, debian, golang
CVE-2023-1579 medium 5.5 2y ago Moderate: mingw components security update redhat, debian, suse, rockylinux
CVE-2023-31083 medium 5.5 2y ago An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is s… redhat, rockylinux, suse, debian
CVE-2023-3758 medium 5.5 2y ago Moderate: sssd security and bug fix update redhat, rockylinux, suse, debian
CVE-2023-52574 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel N… redhat, rockylinux, suse, debian +1
CVE-2023-51779 medium 5.5 2y ago bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. redhat, rockylinux, suse, debian +1
CVE-2023-38471 medium 5.5 2y ago Moderate: avahi security update debian, redhat, rockylinux, suse
CVE-2023-52578 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from mult… redhat, rockylinux, suse, debian +1
CVE-2023-43785 medium 5.5 2y ago Moderate: libX11 security update redhat, rockylinux, suse, debian
CVE-2023-5871 medium 5.5 2y ago Moderate: libnbd security update redhat, suse, debian
CVE-2023-38473 medium 5.5 2y ago Moderate: avahi security update debian, redhat, rockylinux, suse
CVE-2023-37328 medium 5.5 2y ago Moderate: gstreamer1-plugins-base security update redhat, debian, suse, rockylinux
CVE-2023-52434 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb… redhat, rockylinux, suse, debian +1
CVE-2023-51780 medium 5.5 2y ago An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. redhat, rockylinux, suse, debian +1
CVE-2023-51714 medium 5.5 2y ago Moderate: qt5-qtbase security update redhat, suse, debian
CVE-2023-52610 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, t… redhat, rockylinux, suse, debian +1
CVE-2023-43788 medium 5.5 2y ago Moderate: libXpm security update redhat, rockylinux, suse, debian
CVE-2023-40475 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhat, rockylinux, suse, debian
CVE-2023-46316 medium 5.5 2y ago Moderate: traceroute security update redhat, rockylinux, suse, debian
CVE-2023-49083 medium 5.5 2y ago Moderate: python-cryptography security update redhat, rockylinux, suse, debian +1
CVE-2023-7008 medium 5.5 2y ago Moderate: systemd security update redhat, rockylinux, suse, debian
CVE-2023-5380 medium 5.5 2y ago Moderate: xorg-x11-server security update redhat, suse, debian
CVE-2023-3255 medium 5.5 2y ago Moderate: qemu-kvm security update redhat, rockylinux, suse, debian
CVE-2023-52323 medium 5.5 2y ago Moderate: fence-agents security and bug fix update redhat, rockylinux, suse, debian +1
CVE-2023-52581 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switc… redhat, rockylinux, suse, debian +1
CVE-2023-41175 medium 5.5 2y ago Moderate: libtiff security update redhat, suse, debian
CVE-2023-39350 medium 5.5 2y ago Moderate: freerdp security update redhat, debian, suse
CVE-2023-38472 medium 5.5 2y ago Moderate: avahi security update debian, redhat, rockylinux, suse
CVE-2023-50186 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhat, suse, debian, rockylinux
CVE-2023-39354 medium 5.5 2y ago Moderate: freerdp security update redhat, debian, suse
CVE-2023-3618 medium 5.5 2y ago Moderate: libtiff security update redhat, suse, debian
CVE-2023-41081 medium 5.5 2y ago Moderate: mod_jk and mod_proxy_cluster security update redhat, suse, debian
CVE-2023-43622 medium 5.5 2y ago Moderate: mod_http2 security update debian, redhat, suse
CVE-2023-43789 medium 5.5 2y ago Moderate: motif security update redhat, rockylinux, suse, debian
CVE-2023-40474 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhat, rockylinux, suse, debian
CVE-2023-41358 medium 5.5 2y ago Moderate: frr security update redhat, rockylinux, debian, suse
CVE-2023-52160 medium 5.5 2y ago Moderate: wpa_supplicant security update redhat, suse, rockylinux, debian
CVE-2023-42467 medium 5.5 2y ago Moderate: qemu-kvm security update redhat, suse, rockylinux, debian
CVE-2023-47038 medium 5.5 2y ago Moderate: perl security update redhat, suse, rockylinux, debian
CVE-2023-6683 medium 5.5 2y ago Moderate: qemu-kvm security update redhat, rockylinux, suse, debian
CVE-2023-41359 medium 5.5 2y ago Moderate: frr security update redhat, debian, suse
CVE-2023-40476 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhat, rockylinux, suse, debian
CVE-2023-43787 medium 5.5 2y ago Moderate: libX11 security update redhat, rockylinux, suse, debian
CVE-2023-6917 medium 5.5 2y ago Moderate: pcp security update redhat, suse, debian
CVE-2023-4692 medium 5.5 2y ago Moderate: grub2 security update redhat, rockylinux, suse, debian