CVEs from 2023
Total
6,107
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0122 | high | — | 8.0 | — | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Af… | |||
| CVE-2023-25012 | high | — | 8.0 | — | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | |||
| CVE-2023-0118 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |||
| CVE-2023-27753 | high | 8.0 | 8.0 | 25d ago | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||
| CVE-2023-49316 | high | — | 8.0 | 28d ago | Phpseclib needs guardrails on large binaryfield integers | |||
| CVE-2023-54035 | high | — | 8.0 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on ch… | |||
| CVE-2023-53064 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. P… | |||
| CVE-2023-53012 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: call put_device() only after device_register() fails put_device() shouldn't be called before a prior call to devic… | |||
| CVE-2023-34440 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2023-43758 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2023-52605 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2023-52922 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2023-22458 | high | — | 8.0 | 1y ago | RHSA-2025:0595: redis:6 security update (Important) | |||
| CVE-2023-25155 | high | — | 8.0 | 1y ago | RHSA-2025:0595: redis:6 security update (Important) | |||
| CVE-2023-28856 | high | — | 8.0 | 1y ago | RHSA-2025:0595: redis:6 security update (Important) | |||
| CVE-2023-45145 | high | — | 8.0 | 2y ago | Important: redis security update | |||
| CVE-2023-42950 | high | — | 8.0 | 2y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously … | |||
| CVE-2023-52679 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through th… | |||
| CVE-2023-52683 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if… | |||
| CVE-2023-52791 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. Howe… | |||
| CVE-2023-52686 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory whic… | |||
| CVE-2023-52811 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are al… | |||
| CVE-2023-52615 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when t… | |||
| CVE-2023-52451 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the dr… | |||
| CVE-2023-52813 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as follows: INFO: task cryptomgr_tes… | |||
| CVE-2023-52762 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32… | |||
| CVE-2023-52878 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_s… | |||
| CVE-2023-52840 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees… | |||
| CVE-2023-52662 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, includi… | |||
| CVE-2023-52756 | high | — | 8.0 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2023-52730 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can n… | |||
| CVE-2023-52834 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX o… | |||
| CVE-2023-52784 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been … | |||
| CVE-2023-52464 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug … | |||
| CVE-2023-53597 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUS_IO_TIMEOUT exce… | |||
| CVE-2023-52703 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is unini… | |||
| CVE-2023-52775 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. … | |||
| CVE-2023-42956 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | |||
| CVE-2023-54114 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() As the call trace shows, skb_panic was caused by wrong sk… | |||
| CVE-2023-42843 | high | — | 8.0 | 2y ago | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visit… | |||
| CVE-2023-52622 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_si… | |||
| CVE-2023-52560 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFI… | |||
| CVE-2023-52619 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd num… | |||
| CVE-2023-52648 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held… | |||
| CVE-2023-5841 | high | — | 8.0 | 2y ago | Important: openexr security update | |||
| CVE-2023-43010 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. P… | |||
| CVE-2023-52884 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2023-52800 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k… | |||
| CVE-2023-52439 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2023-52798 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DFS radar event handling code call… | |||
| CVE-2023-31315 | high | — | 8.0 | 2y ago | RHSA-2024:7481: linux-firmware security update (Important) | |||
| CVE-2023-52880 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2023-52771 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2023-52864 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2023-52651 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2023-52796 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound() helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack … | |||
| CVE-2023-52803 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir… | |||
| CVE-2023-52623 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running p… | |||
| CVE-2023-52764 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in dri… | |||
| CVE-2023-52777 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event … | |||
| CVE-2023-52847 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_ir… | |||
| CVE-2023-52845 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: … | |||
| CVE-2023-52471 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in ice_ptp.c devm_kasprintf() returns a pointer to dynamically allocated memory whi… | |||
| CVE-2023-52530 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 d… | |||
| CVE-2023-52653 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2… | |||
| CVE-2023-52638 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2023-52781 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descr… | |||
| CVE-2023-52835 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: perf/core: Bail out early if the request AUX area is out of bound When perf-record with a large AUX area, e.g 4GB, it fails with:… | |||
| CVE-2023-52669 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole blo… | |||
| CVE-2023-52877 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on … | |||
| CVE-2023-52700 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.39… | |||
| CVE-2023-52675 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memo… | |||
| CVE-2023-4727 | high | — | 8.0 | 2y ago | RHSA-2024:4367: pki-core security update (Important) | |||
| CVE-2023-6597 | high | — | 8.0 | 2y ago | An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereferenc… | |||
| CVE-2023-20592 | high | — | 8.0 | 2y ago | RHSA-2024:3178: linux-firmware security update (Important) | |||
| CVE-2023-39928 | high | — | 8.0 | 2y ago | A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitra… | |||
| CVE-2023-53628 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs The gfx.cp_ecc_error_irq is retired in gfx11. In gfx_v11_0_hw_fini still use am… | |||
| CVE-2023-53235 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using __drm_kunit_helper_alloc_drm_device() the driver may be dereferenced by device-… | |||
| CVE-2023-53580 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC ga… | |||
| CVE-2023-53570 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to … | |||
| CVE-2023-53743 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free… | |||
| CVE-2023-53209 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, t… | |||
| CVE-2023-53784 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dw_hdmi: fix connector access for scdc Commit 5d844091f237 ("drm/scdc-helper: Pimp SCDC debugs") changed the scdc in… | |||
| CVE-2023-42970 | high | — | 8.0 | 2y ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to … | |||
| CVE-2023-53810 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key has completed, filesystems can c… | |||
| CVE-2023-54154 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never f… | |||
| CVE-2023-53632 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features() Hold RTNL lock when calling xdp_set_features() with a reg… | |||
| CVE-2023-53860 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection dm looks up the table for IO based on the request type, with an assumption tha… | |||
| CVE-2023-53649 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel->priv area In 3cb4d5e00e037c70 ("perf trace: Free syscall tp fields in evsel->priv") it only wa… | |||
| CVE-2023-54242 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: block, bfq: Fix division by zero error on zero wsum When the weighted sum is zero the calculation of limit causes a division by z… | |||
| CVE-2023-54052 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem… | |||
| CVE-2023-54135 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offse… | |||
| CVE-2023-53018 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leaks When hci_cmd_sync_queue() failed in hci_le_terminate_big() or hci_le_big_terminate(), the m… | |||
| CVE-2023-53228 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in amd… | |||
| CVE-2023-53193 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini The gmc.ecc_irq is enabled by firmware per IFWI setting, and the h… | |||
| CVE-2023-52522 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-53844 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on swapout move error If moving the bo to system for swapout failed, we were leaking a resource. F… | |||
| CVE-2023-53833 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL ptr deref by checking new_crtc_state intel_atomic_get_new_crtc_state can return NULL, unless crtc state wasn't… | |||
| CVE-2023-54031 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr … | |||
| CVE-2023-54060 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this was… |