VIR Vulnerability Intelligence Relay

CVEs from 2023

6,664 normalized CVEs published or assigned in this year.

Total
6,664
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • openstack_platform 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • registrationmagic 6
  • codeready_linux_builder_eus 6
  • cbot_panel 6

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2023-51580 medium 5.5 2y ago Moderate: bluez security update redhatdebiansuserockylinux
CVE-2023-52814 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, s… redhatsusedebian
CVE-2023-54114 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() As the call trace shows, skb_panic was caused by wrong sk… redhatsusedebian
CVE-2023-54118 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early,… redhatsusedebian
CVE-2023-52740 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can fl… redhatsusedebian
CVE-2023-53483 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup() devm_kzalloc() may fail, clk_data->name might be NUL… redhatsusedebian
CVE-2023-52731 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the d… redhatsusedebian
CVE-2023-52749 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system… redhatsusedebian
CVE-2023-52920 medium 5.5 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instruction… susedebianlinux
CVE-2023-54153 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsisten… redhatsusedebian
CVE-2023-48161 medium 5.5 2y ago Moderate: java-21-openjdk security update redhatrockylinuxdebiansuse
CVE-2023-38575 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-45733 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-46103 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-43490 medium 5.5 2y ago Moderate: microcode_ctl security update redhatalmalinuxsusedebian+1
CVE-2023-39368 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-22655 medium 5.5 2y ago Moderate: microcode_ctl security update redhatsusedebianrockylinux
CVE-2023-20584 medium 5.5 2y ago Moderate: linux-firmware security update debianredhatrockylinuxsuse
CVE-2023-31356 medium 5.5 2y ago Moderate: linux-firmware security update debianredhatrockylinuxsuse
CVE-2023-52439 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_devic… redhatrockylinuxsusedebian
CVE-2023-52801 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled… redhatsuserockylinuxdebian
CVE-2023-6349 medium 5.5 2y ago Moderate: libvpx security update rockylinuxsusedebian
CVE-2023-37920 medium 5.5 2y ago Moderate: fence-agents security update redhatrockylinuxsusedebian+1
CVE-2023-25433 medium 5.5 2y ago Moderate: libtiff security update rockylinuxdebian
CVE-2023-52458 medium 5.5 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, ther… redhatsuserockylinuxdebian+1
CVE-2023-45236 medium 5.5 2y ago Moderate: edk2 security update redhatrockylinuxdebiansuse
CVE-2023-45237 medium 5.5 2y ago Moderate: edk2 security update redhatrockylinuxdebiansuse
CVE-2023-31346 medium 5.5 2y ago Moderate: linux-firmware security update redhatrockylinuxsuse
CVE-2023-52607 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which… rockylinuxsusedebianalmalinux
CVE-2023-52598 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced pro… rockylinuxsusedebianalmalinux
CVE-2023-43361 medium 5.5 2y ago Moderate: vorbis-tools security update susedebian
CVE-2023-1513 medium 5.5 2y ago A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, caus… rockylinuxsusedebian
CVE-2023-39192 medium 5.5 2y ago A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-… rockylinuxsusedebianalmalinux
CVE-2023-42755 medium 5.5 2y ago A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `r… rockylinuxsusedebianalmalinux
CVE-2023-6240 medium 5.5 2y ago A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting… redhatrockylinuxsusedebian+1
CVE-2023-40475 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhatrockylinuxsusedebian
CVE-2023-31490 medium 5.5 2y ago Moderate: frr security update redhatrockylinuxdebiansuse
CVE-2023-47038 medium 5.5 2y ago Moderate: perl security update redhatsuserockylinuxdebian
CVE-2023-37327 medium 5.5 2y ago Moderate: gstreamer1-plugins-good security update redhatsusedebian
CVE-2023-41081 medium 5.5 2y ago Moderate: mod_jk and mod_proxy_cluster security update redhatsusedebian
CVE-2023-52323 medium 5.5 2y ago Moderate: fence-agents security and bug fix update redhatrockylinuxsusedebian+1
CVE-2023-5871 medium 5.5 2y ago Moderate: libnbd security update redhatsusedebian
CVE-2023-45863 medium 5.5 2y ago An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. redhatrockylinuxsusedebian+1
CVE-2023-39350 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-39352 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-3567 medium 5.5 2y ago A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak int… redhatrockylinuxsusedebian
CVE-2023-45287 medium 5.5 2y ago Moderate: runc security update redhatdebiangolang
CVE-2023-5088 medium 5.5 2y ago Moderate: qemu-kvm security update redhatrockylinuxsusedebian
CVE-2023-46752 medium 5.5 2y ago Moderate: frr security update redhatrockylinuxdebiansuse
CVE-2023-42754 medium 5.5 2y ago A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always t… redhatrockylinuxsusedebian+1
CVE-2023-37453 medium 5.5 2y ago An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. redhatrockylinuxsusedebian
CVE-2023-38471 medium 5.5 2y ago Moderate: avahi security update debianredhatrockylinuxsuse
CVE-2023-42467 medium 5.5 2y ago Moderate: qemu-kvm security update redhatsuserockylinuxdebian
CVE-2023-5380 medium 5.5 2y ago Moderate: xorg-x11-server security update redhatsusedebian
CVE-2023-3255 medium 5.5 2y ago Moderate: qemu-kvm security update redhatrockylinuxsusedebian
CVE-2023-28464 medium 5.5 2y ago hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a doub… redhatrockylinuxsusedebian
CVE-2023-29406 medium 5.5 2y ago Moderate: container-tools:rhel8 security and bug fix update rockylinuxredhatsusedebian+1
CVE-2023-43788 medium 5.5 2y ago Moderate: libXpm security update redhatrockylinuxsusedebian
CVE-2023-52610 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, t… redhatrockylinuxsusedebian+1
CVE-2023-52581 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switc… redhatrockylinuxsusedebian+1
CVE-2023-52580 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff patte… redhatrockylinuxsusedebian+1
CVE-2023-38470 medium 5.5 2y ago Moderate: avahi security update debianredhatrockylinuxsuse
CVE-2023-52574 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel N… redhatrockylinuxsusedebian+1
CVE-2023-53539 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxe_requester If a send packet is dropped by the IP layer in rxe_requester() the call to r… rockylinuxredhatsusedebian
CVE-2023-43789 medium 5.5 2y ago Moderate: motif security update redhatrockylinuxsusedebian
CVE-2023-51779 medium 5.5 2y ago bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. redhatrockylinuxsusedebian+1
CVE-2023-6915 medium 5.5 2y ago A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing ch… redhatrockylinuxsusedebian+1
CVE-2023-3618 medium 5.5 2y ago Moderate: libtiff security update redhatsusedebian
CVE-2023-6622 medium 5.5 2y ago A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user p… redhatrockylinuxsusedebian+1
CVE-2023-41175 medium 5.5 2y ago Moderate: libtiff security update redhatsusedebian
CVE-2023-53762 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is de… rockylinuxredhatsusedebian
CVE-2023-6917 medium 5.5 2y ago Moderate: pcp security update redhatsusedebian
CVE-2023-6710 medium 5.5 2y ago Moderate: mod_jk and mod_proxy_cluster security update redhat
CVE-2023-6176 medium 5.5 2y ago A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific … redhatrockylinuxsusedebian+1
CVE-2023-39356 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-24023 medium 5.5 2y ago Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key lengt… redhatrockylinuxsusedebian
CVE-2023-40474 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhatrockylinuxsusedebian
CVE-2023-51714 medium 5.5 2y ago Moderate: qt5-qtbase security update redhatsusedebian
CVE-2023-49083 medium 5.5 2y ago Moderate: python-cryptography security update redhatrockylinuxsusedebian+1
CVE-2023-41358 medium 5.5 2y ago Moderate: frr security update redhatrockylinuxdebiansuse
CVE-2023-43787 medium 5.5 2y ago Moderate: libX11 security update redhatrockylinuxsusedebian
CVE-2023-40476 medium 5.5 2y ago Moderate: gstreamer1-plugins-bad-free security update redhatrockylinuxsusedebian
CVE-2023-43622 medium 5.5 2y ago Moderate: mod_http2 security update debianredhatsuse
CVE-2023-39351 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-41359 medium 5.5 2y ago Moderate: frr security update redhatdebiansuse
CVE-2023-5215 medium 5.5 2y ago Moderate: libnbd security update redhatsusedebian
CVE-2023-3758 medium 5.5 2y ago Moderate: sssd security and bug fix update redhatrockylinuxsusedebian
CVE-2023-4874 medium 5.5 2y ago Moderate: mutt security update redhatrockylinuxsusedebian
CVE-2023-39198 medium 5.5 2y ago A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the … redhatrockylinuxsusedebian+1
CVE-2023-4875 medium 5.5 2y ago Moderate: mutt security update redhatrockylinuxsusedebian
CVE-2023-39354 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-43786 medium 5.5 2y ago Moderate: libX11 security update redhatrockylinuxsusedebian
CVE-2023-6683 medium 5.5 2y ago Moderate: qemu-kvm security update redhatrockylinuxsusedebian
CVE-2023-40181 medium 5.5 2y ago Moderate: freerdp security update redhatdebiansuse
CVE-2023-1579 medium 5.5 2y ago Moderate: mingw components security update redhatdebiansuserockylinux
CVE-2023-45897 medium 5.5 2y ago Moderate: exfatprogs security update redhatdebiansuserockylinux
CVE-2023-31083 medium 5.5 2y ago An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is s… redhatrockylinuxsusedebian
CVE-2023-53297 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, … redhatrockylinuxsusedebian
CVE-2023-31122 medium 5.5 2y ago Moderate: httpd security update debianredhatrockylinuxsuse
CVE-2023-43785 medium 5.5 2y ago Moderate: libX11 security update redhatrockylinuxsusedebian