CVEs from 2023
Total
6,106
critical
critical 240
high
high 1,529
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-54090 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDP_TX with > 64 CPUs Commit 4fe815850bdc ("ixgbe: let the xdpdrv work with more than 64 cpus") adds supp… | |||
| CVE-2023-54289 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues(… | |||
| CVE-2023-54096 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for sound… | |||
| CVE-2023-54100 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work… | |||
| CVE-2023-54106 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5e_init_rep_rx The memory pointed to by the priv->rx_res pointer is not freed in the er… | |||
| CVE-2023-54274 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agen… | |||
| CVE-2023-39353 | medium | — | 5.5 | 2y ago | Moderate: freerdp security update | |||
| CVE-2023-38473 | medium | — | 5.5 | 2y ago | RHSA-2023:7836: avahi security update (Moderate) | |||
| CVE-2023-40475 | medium | — | 5.5 | 2y ago | RHSA-2024:3060: gstreamer1-plugins-bad-free security update (Moderate) | |||
| CVE-2023-54201 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially … | |||
| CVE-2023-54186 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pin_assignment_show This patch fixes negative indexing of buf array in pin_assignment_show … | |||
| CVE-2023-54184 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That … | |||
| CVE-2023-54179 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. … | |||
| CVE-2023-54169 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_ptp_open When kvzalloc_node or kvzalloc failed in mlx5e_ptp_open, the memory pointed by "c" o… | |||
| CVE-2023-54166 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndo_tx_timeout callback The Xeon validation group has been carrying out some loaded tests with vario… | |||
| CVE-2023-38472 | medium | — | 5.5 | 2y ago | RHSA-2023:7836: avahi security update (Moderate) | |||
| CVE-2023-39354 | medium | — | 5.5 | 2y ago | Moderate: freerdp security update | |||
| CVE-2023-6228 | medium | — | 5.5 | 2y ago | RHSA-2024:5079: libtiff security update (Moderate) | |||
| CVE-2023-52144 | medium | 5.5 | 5.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15. | |||
| CVE-2023-29483 | medium | — | 5.5 | 2y ago | Moderate: python-dns security update | |||
| CVE-2023-50374 | medium | 5.5 | 5.5 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10. | |||
| CVE-2023-52425 | medium | — | 5.5 | 2y ago | RHSA-2024:4259: xmlrpc-c security and bug fix update (Moderate) | |||
| CVE-2023-4244 | medium | — | 5.5 | 2y ago | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control … | |||
| CVE-2023-45539 | medium | — | 5.5 | 2y ago | RHSA-2024:8849: haproxy security update (Moderate) | |||
| CVE-2023-21920 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-39326 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2023-22115 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21945 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21933 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22114 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21947 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-40225 | medium | — | 5.5 | 2y ago | Moderate: haproxy security update | |||
| CVE-2023-45285 | medium | — | 5.5 | 2y ago | Moderate: golang security update | |||
| CVE-2023-22068 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22104 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22059 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22058 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22057 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21977 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22054 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22048 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21953 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22038 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22056 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22032 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22005 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22046 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21935 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21919 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22110 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21929 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21946 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21911 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22008 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22084 | medium | — | 5.5 | 2y ago | RHSA-2025:0739: mariadb:10.5 security update (Moderate) | |||
| CVE-2023-21962 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22078 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21966 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22064 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21955 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22066 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22033 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22053 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22065 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22092 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22097 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22070 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22007 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22111 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21972 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21976 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21982 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22112 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22103 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22113 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21940 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-22079 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-21980 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2023-5992 | medium | — | 5.5 | 2y ago | RHSA-2024:0967: opensc security update (Moderate) | |||
| CVE-2023-5676 | medium | — | 5.5 | 2y ago | RHSA-2024:0866: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2023-28487 | medium | — | 5.5 | 2y ago | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | |||
| CVE-2023-42465 | medium | — | 5.5 | 2y ago | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling … | |||
| CVE-2023-28486 | medium | — | 5.5 | 2y ago | Sudo before 1.9.13 does not escape control characters in log messages. | |||
| CVE-2023-6135 | medium | — | 5.5 | 2y ago | Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox <… | |||
| CVE-2023-5981 | medium | — | 5.5 | 2y ago | RHSA-2024:0627: gnutls security update (Moderate) | |||
| CVE-2023-38409 | medium | — | 5.5 | 2y ago | An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_… | |||
| CVE-2023-45803 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2023-42795 | medium | — | 5.5 | 2y ago | Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0… | |||
| CVE-2023-38406 | medium | — | 5.5 | 2y ago | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | |||
| CVE-2023-47235 | medium | — | 5.5 | 2y ago | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdra… | |||
| CVE-2023-4001 | medium | — | 5.5 | 2y ago | Moderate: grub2 security update | |||
| CVE-2023-47234 | medium | — | 5.5 | 2y ago | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory … | |||
| CVE-2023-7104 | medium | — | 5.5 | 2y ago | RHSA-2024:0253: sqlite security update (Moderate) | |||
| CVE-2023-38407 | medium | — | 5.5 | 2y ago | bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | |||
| CVE-2023-42794 | medium | — | 5.5 | 2y ago | Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in pro… | |||
| CVE-2023-45648 | medium | — | 5.5 | 2y ago | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not c… | |||
| CVE-2023-41080 | medium | — | 5.5 | 2y ago | Apache Tomcat Open Redirect vulnerability | |||
| CVE-2023-5388 | medium | — | 5.5 | 2y ago | Moderate: nss security update | |||
| CVE-2023-5455 | medium | — | 5.5 | 2y ago | RHSA-2024:0143: idm:DL1 security update (Moderate) | |||
| CVE-2023-5367 | medium | — | 5.5 | 3y ago | A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty fu… |