CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5088 | medium | — | 5.5 | 2y ago | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, fo… | |||
| CVE-2023-54070 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 ("igb: Enable SR-IOV after reinit"), removing the… | |||
| CVE-2023-54064 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Fix a memory leak when scanning for an adapter The adapter scan ssif_info_find() sets info->adapter_name if the adapte… | |||
| CVE-2023-7008 | medium | — | 5.5 | 2y ago | A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the u… | |||
| CVE-2023-53722 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-o… | |||
| CVE-2023-54201 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially … | |||
| CVE-2023-54186 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pin_assignment_show This patch fixes negative indexing of buf array in pin_assignment_show … | |||
| CVE-2023-45897 | medium | — | 5.5 | 2y ago | exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. | |||
| CVE-2023-54179 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. … | |||
| CVE-2023-54169 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_ptp_open When kvzalloc_node or kvzalloc failed in mlx5e_ptp_open, the memory pointed by "c" o… | |||
| CVE-2023-54166 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndo_tx_timeout callback The Xeon validation group has been carrying out some loaded tests with vario… | |||
| CVE-2023-54274 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agen… | |||
| CVE-2023-54289 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues(… | |||
| CVE-2023-31489 | medium | — | 5.5 | 2y ago | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. | |||
| CVE-2023-31490 | medium | — | 5.5 | 2y ago | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | |||
| CVE-2023-41358 | medium | — | 5.5 | 2y ago | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | |||
| CVE-2023-41359 | medium | — | 5.5 | 2y ago | An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP … | |||
| CVE-2023-41909 | medium | — | 5.5 | 2y ago | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. | |||
| CVE-2023-46752 | medium | — | 5.5 | 2y ago | An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | |||
| CVE-2023-46753 | medium | — | 5.5 | 2y ago | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | |||
| CVE-2023-53696 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() There is a memory leak reported by kmemleak: unreferenced object 0xffffc… | |||
| CVE-2023-53751 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many times … | |||
| CVE-2023-54106 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5e_init_rep_rx The memory pointed to by the priv->rx_res pointer is not freed in the er… | |||
| CVE-2023-41081 | medium | — | 5.5 | 2y ago | Moderate: mod_jk and mod_proxy_cluster security update | |||
| CVE-2023-54100 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work… | |||
| CVE-2023-40475 | medium | — | 5.5 | 2y ago | RHSA-2024:3060: gstreamer1-plugins-bad-free security update (Moderate) | |||
| CVE-2023-53761 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a use… | |||
| CVE-2023-53843 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) re… | |||
| CVE-2023-54096 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for sound… | |||
| CVE-2023-4693 | medium | — | 5.5 | 2y ago | Moderate: grub2 security update | |||
| CVE-2023-53848 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix a deadlock in r5l_exit_log() Commit b13015af94cf ("md/raid5-cache: Clear conf->log after finishing work") int… | |||
| CVE-2023-54324 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multipath target when retrieve_deps races with multipat… | |||
| CVE-2023-39353 | medium | — | 5.5 | 2y ago | Moderate: freerdp security update | |||
| CVE-2023-53202 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: PM: domains: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, … | |||
| CVE-2023-6917 | medium | — | 5.5 | 2y ago | A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operat… | |||
| CVE-2023-49083 | medium | — | 5.5 | 2y ago | RHSA-2025:14553: python-cryptography security update (Moderate) | |||
| CVE-2023-40589 | medium | — | 5.5 | 2y ago | Moderate: freerdp security update | |||
| CVE-2023-43622 | medium | — | 5.5 | 2y ago | An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resou… | |||
| CVE-2023-53559 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field… | |||
| CVE-2023-53995 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bo… | |||
| CVE-2023-31122 | medium | — | 5.5 | 2y ago | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. | |||
| CVE-2023-54014 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Klocwork reported warning of rport maybe NULL and will be derefere… | |||
| CVE-2023-37328 | medium | — | 5.5 | 2y ago | Moderate: gstreamer1-plugins-base security update | |||
| CVE-2023-53210 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() r5l_flush_stripe_to_raid() will check if the list 'flushing_ios… | |||
| CVE-2023-3255 | medium | — | 5.5 | 2y ago | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the … | |||
| CVE-2023-6683 | medium | — | 5.5 | 2y ago | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the… | |||
| CVE-2023-54090 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDP_TX with > 64 CPUs Commit 4fe815850bdc ("ixgbe: let the xdpdrv work with more than 64 cpus") adds supp… | |||
| CVE-2023-54072 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against… | |||
| CVE-2023-52144 | medium | 5.5 | 5.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15. | |||
| CVE-2023-29483 | medium | — | 5.5 | 2y ago | Moderate: python-dns security update | |||
| CVE-2023-50374 | medium | 5.5 | 5.5 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10. | |||
| CVE-2023-52425 | medium | — | 5.5 | 2y ago | RHSA-2024:4259: xmlrpc-c security and bug fix update (Moderate) | |||
| CVE-2023-4244 | medium | — | 5.5 | 2y ago | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control … | |||
| CVE-2023-22113 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22103 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-45539 | medium | — | 5.5 | 2y ago | RHSA-2024:8849: haproxy security update (Moderate) | |||
| CVE-2023-21955 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-45285 | medium | — | 5.5 | 2y ago | Moderate: golang security update | |||
| CVE-2023-21940 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21977 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21972 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22111 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22066 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21933 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22054 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21953 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22097 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21929 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21919 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22065 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22053 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22033 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21966 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22064 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21911 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21962 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22078 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-40225 | medium | — | 5.5 | 2y ago | Moderate: haproxy security update | |||
| CVE-2023-22115 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22008 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22068 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22057 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21935 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21946 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22032 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22084 | medium | — | 5.5 | 2y ago | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerabilit… | |||
| CVE-2023-22092 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22110 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22005 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22046 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22104 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-39326 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2023-21976 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22079 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22070 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22007 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21980 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21947 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21945 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21920 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) |