CVEs from 2023
Total
6,106
critical
critical 240
high
high 1,529
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52643 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iio_device_register_sysfs When iio_device_register_sysfs_group() fails, we should free iio_dev_opaque->… | |||
| CVE-2023-52473 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_… | |||
| CVE-2023-52659 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type On 64-bit platforms, the pfn_to_kaddr() macro requires that th… | |||
| CVE-2023-50230 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-53572 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use list_for_each_entr… | |||
| CVE-2023-51594 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-54165 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zs_map_object() to zs_malloc() Under memory pressure, we sometimes observe the following crash: [… | |||
| CVE-2023-52565 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read. | |||
| CVE-2023-54019 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroup_file_release causes UAF issues w… | |||
| CVE-2023-52445 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thr… | |||
| CVE-2023-52528 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ====… | |||
| CVE-2023-52475 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate dri… | |||
| CVE-2023-52482 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which e… | |||
| CVE-2023-6681 | medium | — | 5.5 | 2y ago | Moderate: python-jwcrypto security update | |||
| CVE-2023-52649 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Avoid reading beyond LUT array When the floor LUT index (drm_fixp2int(lut_index) is the last index of the array the cei… | |||
| CVE-2023-53613 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dax: Fix dax_mapping_release() use after free A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region provider (like … | |||
| CVE-2023-52632 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circul… | |||
| CVE-2023-51580 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-52663 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct… | |||
| CVE-2023-52498 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume… | |||
| CVE-2023-53173 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: pcn_uart: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it… | |||
| CVE-2023-52492 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure… | |||
| CVE-2023-52625 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface [Why] We can hang in place trying to send commands when the DMCUB isn't… | |||
| CVE-2023-53702 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 ("crypto: s390 - add crypto library inter… | |||
| CVE-2023-52690 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory … | |||
| CVE-2023-52455 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are… | |||
| CVE-2023-53264 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically han… | |||
| CVE-2023-52637 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(..., … | |||
| CVE-2023-44431 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-53182 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Be… | |||
| CVE-2023-52758 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2023-53291 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale Running the 'kfree_rcu_test' test case [1] results in a … | |||
| CVE-2023-53704 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() Replace of_iomap() and kzalloc() with devm_of_iomap() and d… | |||
| CVE-2023-53719 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() w… | |||
| CVE-2023-53249 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle th… | |||
| CVE-2023-53230 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifs_smb3_do_mount() This fixes the following warning reported by kernel test robot fs/smb/client/… | |||
| CVE-2023-53220 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and… | |||
| CVE-2023-53176 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the gene… | |||
| CVE-2023-53059 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `… | |||
| CVE-2023-52606 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instruc… | |||
| CVE-2023-52594 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_… | |||
| CVE-2023-52595 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues… | |||
| CVE-2023-52920 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instruction… | |||
| CVE-2023-54153 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsisten… | |||
| CVE-2023-48161 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2023-52658 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-22655 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-43490 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-46103 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-38575 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-45733 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-39368 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-31356 | medium | — | 5.5 | 2y ago | Moderate: linux-firmware security update | |||
| CVE-2023-20584 | medium | — | 5.5 | 2y ago | Moderate: linux-firmware security update | |||
| CVE-2023-52463 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-52801 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-6349 | medium | — | 5.5 | 2y ago | RHSA-2024:5941: libvpx security update (Moderate) | |||
| CVE-2023-37920 | medium | — | 5.5 | 2y ago | Moderate: fence-agents security update | |||
| CVE-2023-25433 | medium | — | 5.5 | 2y ago | RHSA-2024:5079: libtiff security update (Moderate) | |||
| CVE-2023-52809 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-52458 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-45237 | medium | — | 5.5 | 2y ago | RHSA-2024:5297: edk2 security update (Moderate) | |||
| CVE-2023-45236 | medium | — | 5.5 | 2y ago | RHSA-2024:5297: edk2 security update (Moderate) | |||
| CVE-2023-31346 | medium | — | 5.5 | 2y ago | RHSA-2024:4262: linux-firmware security update (Moderate) | |||
| CVE-2023-52667 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2023-52626 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2023-38264 | medium | — | 5.5 | 2y ago | RHSA-2024:6595: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2023-52607 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which… | |||
| CVE-2023-52598 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced pro… | |||
| CVE-2023-53266 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fix possible memory leak of ffh_ctxt Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version and conduit c… | |||
| CVE-2023-53648 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error… | |||
| CVE-2023-53798 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy… | |||
| CVE-2023-53698 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is ru… | |||
| CVE-2023-1513 | medium | — | 5.5 | 2y ago | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, caus… | |||
| CVE-2023-42755 | medium | — | 5.5 | 2y ago | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `r… | |||
| CVE-2023-39192 | medium | — | 5.5 | 2y ago | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-… | |||
| CVE-2023-43361 | medium | — | 5.5 | 2y ago | RHSA-2024:3095: vorbis-tools security update (Moderate) | |||
| CVE-2023-52737 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only l… | |||
| CVE-2023-6240 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2023-5090 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2023-53476 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() This condition needs to match the previous "if (epcp->sta… | |||
| CVE-2023-40589 | medium | — | 5.5 | 2y ago | Moderate: freerdp security update | |||
| CVE-2023-53545 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: unmap and remove csa_va properly Root PD BO should be reserved before unmap and remove a bo_va from VM otherwise lock… | |||
| CVE-2023-6917 | medium | — | 5.5 | 2y ago | A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operat… | |||
| CVE-2023-53559 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field… | |||
| CVE-2023-6228 | medium | — | 5.5 | 2y ago | RHSA-2024:5079: libtiff security update (Moderate) | |||
| CVE-2023-3758 | medium | — | 5.5 | 2y ago | RHSA-2024:3270: sssd security update (Moderate) | |||
| CVE-2023-38469 | medium | — | 5.5 | 2y ago | RHSA-2023:7836: avahi security update (Moderate) | |||
| CVE-2023-38472 | medium | — | 5.5 | 2y ago | RHSA-2023:7836: avahi security update (Moderate) | |||
| CVE-2023-41081 | medium | — | 5.5 | 2y ago | Moderate: mod_jk and mod_proxy_cluster security update | |||
| CVE-2023-53762 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is de… | |||
| CVE-2023-52973 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF After a call to console_unlock() in vcs_read() the vc_d… | |||
| CVE-2023-37328 | medium | — | 5.5 | 2y ago | Moderate: gstreamer1-plugins-base security update | |||
| CVE-2023-47038 | medium | — | 5.5 | 2y ago | Moderate: perl security update | |||
| CVE-2023-43787 | medium | — | 5.5 | 2y ago | Moderate: libX11 security update | |||
| CVE-2023-43786 | medium | — | 5.5 | 2y ago | Moderate: libX11 security update | |||
| CVE-2023-53539 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxe_requester If a send packet is dropped by the IP layer in rxe_requester() the call to r… | |||
| CVE-2023-43785 | medium | — | 5.5 | 2y ago | Moderate: libX11 security update | |||
| CVE-2023-53999 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra post_act rules are added to post_act tab… | |||
| CVE-2023-54169 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_ptp_open When kvzalloc_node or kvzalloc failed in mlx5e_ptp_open, the memory pointed by "c" o… |