VIR Vulnerability Intelligence Relay

CVEs from 2023

6,106 normalized CVEs published or assigned in this year.

Total
6,106
critical
critical 240
high
high 1,529
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • ftmg-esr50sxx 8
  • ftmg-esn40sxx 8
  • ftmg-esd25axx 8
  • ftmg-esr40sxx 8
  • ftmg-esd15axx 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-40181 medium 5.5 2y ago Moderate: freerdp security update
CVE-2023-39356 medium 5.5 2y ago Moderate: freerdp security update
CVE-2023-38469 medium 5.5 2y ago RHSA-2023:7836: avahi security update (Moderate)
CVE-2023-52160 medium 5.5 2y ago Moderate: wpa_supplicant security update
CVE-2023-39350 medium 5.5 2y ago Moderate: freerdp security update
CVE-2023-5871 medium 5.5 2y ago Moderate: libnbd security update
CVE-2023-38470 medium 5.5 2y ago RHSA-2023:7836: avahi security update (Moderate)
CVE-2023-5215 medium 5.5 2y ago Moderate: libnbd security update
CVE-2023-41360 medium 5.5 2y ago An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
CVE-2023-40475 medium 5.5 2y ago RHSA-2024:3060: gstreamer1-plugins-bad-free security update (Moderate)
CVE-2023-38471 medium 5.5 2y ago RHSA-2023:7836: avahi security update (Moderate)
CVE-2023-45802 medium 5.5 2y ago When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection c…
CVE-2023-38473 medium 5.5 2y ago RHSA-2023:7836: avahi security update (Moderate)
CVE-2023-53354 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 ("skbuff: in skb_segment, call zeroco…
CVE-2023-53451 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate …
CVE-2023-53148 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: igb: Fix igb_down hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet and a display through USB Type…
CVE-2023-53297 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, …
CVE-2023-53442 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ice: Block switchdev mode when ADQ is active and vice versa ADQ and switchdev are not supported simultaneously. Enabling both at …
CVE-2023-52144 medium 5.5 5.5 2y ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15.
CVE-2023-29483 medium 5.5 2y ago Moderate: python-dns security update
CVE-2023-50374 medium 5.5 5.5 2y ago Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10.
CVE-2023-52425 medium 5.5 2y ago RHSA-2024:4259: xmlrpc-c security and bug fix update (Moderate)
CVE-2023-4244 medium 5.5 2y ago A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control …
CVE-2023-22079 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22070 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21940 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21955 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22038 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22111 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22084 medium 5.5 2y ago RHSA-2025:0739: mariadb:10.5 security update (Moderate)
CVE-2023-21972 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22059 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22058 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22057 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22113 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21933 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22104 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22112 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22048 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-45285 medium 5.5 2y ago Moderate: golang security update
CVE-2023-22005 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22046 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21919 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22008 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21966 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-40225 medium 5.5 2y ago Moderate: haproxy security update
CVE-2023-22064 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22066 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22033 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21946 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22053 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22065 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22092 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22097 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21911 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22110 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-45539 medium 5.5 2y ago RHSA-2024:8849: haproxy security update (Moderate)
CVE-2023-21929 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22007 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21953 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22068 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21962 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21980 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22078 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21935 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21945 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21920 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22032 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21947 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21976 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-21982 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-39326 medium 5.5 2y ago Moderate: container-tools:rhel8 security update
CVE-2023-21977 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22056 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22054 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22114 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22103 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-22115 medium 5.5 2y ago RHSA-2024:0894: mysql:8.0 security update (Moderate)
CVE-2023-5992 medium 5.5 2y ago RHSA-2024:0967: opensc security update (Moderate)
CVE-2023-5676 medium 5.5 2y ago RHSA-2024:0866: java-1.8.0-ibm security update (Moderate)
CVE-2023-42465 medium 5.5 2y ago Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling …
CVE-2023-28487 medium 5.5 2y ago Sudo before 1.9.13 does not escape control characters in sudoreplay output.
CVE-2023-28486 medium 5.5 2y ago Sudo before 1.9.13 does not escape control characters in log messages.
CVE-2023-6135 medium 5.5 2y ago Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox <…
CVE-2023-5981 medium 5.5 2y ago RHSA-2024:0627: gnutls security update (Moderate)
CVE-2023-42794 medium 5.5 2y ago Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in pro…
CVE-2023-45648 medium 5.5 2y ago Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not c…
CVE-2023-4001 medium 5.5 2y ago Moderate: grub2 security update
CVE-2023-38409 medium 5.5 2y ago An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_…
CVE-2023-42795 medium 5.5 2y ago Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0…
CVE-2023-7104 medium 5.5 2y ago RHSA-2024:0253: sqlite security update (Moderate)
CVE-2023-45803 medium 5.5 2y ago Moderate: container-tools:rhel8 security update
CVE-2023-41080 medium 5.5 2y ago Apache Tomcat Open Redirect vulnerability
CVE-2023-47234 medium 5.5 2y ago An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory …
CVE-2023-38406 medium 5.5 2y ago bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
CVE-2023-47235 medium 5.5 2y ago An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdra…
CVE-2023-38407 medium 5.5 2y ago bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-5388 medium 5.5 2y ago Moderate: nss security update
CVE-2023-5455 medium 5.5 2y ago RHSA-2024:0143: idm:DL1 security update (Moderate)
CVE-2023-5367 medium 5.5 3y ago A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty fu…