Fedoraproject: Security Vulnerabilities
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVSS Score
7.3
EPSS Score
0.002
Published
2023-08-14
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
CVSS Score
9.4
EPSS Score
0.186
Published
2023-08-11
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
CVSS Score
8.6
EPSS Score
0.001
Published
2023-08-11
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
CVSS Score
6.0
EPSS Score
0.0
Published
2023-08-11
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-08-11
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-08-11
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-08-11
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
7.2
EPSS Score
0.0
Published
2023-08-11
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
7.9
EPSS Score
0.0
Published
2023-08-11
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
3.8
EPSS Score
0.001
Published
2023-08-11