CVSS: 3.9EPSS: 0%CPEs: 16EXPL: 0CVE-2023-22656
https://notcve.org/view.php?id=CVE-2023-22656
16 May 2024 — Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. La lectura fuera de los límites en Intel(R) Media SDK y algún software Intel(R) oneVPL anterior a la versión 23.3.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-125: Out-of-bounds Read •
CVSS: 4.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-45221
https://notcve.org/view.php?id=CVE-2023-45221
16 May 2024 — Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en Intel(R) Media SDK en todas las versiones pueden permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 15EXPL: 0CVE-2023-48368
https://notcve.org/view.php?id=CVE-2023-48368
16 May 2024 — Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. La validación de entrada incorrecta en todas las versiones del software Intel(R) Media SDK puede permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-47855
https://notcve.org/view.php?id=CVE-2023-47855
16 May 2024 — Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. La validación de entrada incorrecta en algún software de módulo Intel(R) TDX anterior a la versión 1.5.05.46.698 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://security.netapp.com/advisory/ntap-20240621-0003 • CWE-20: Improper Input Validation •
CVSS: 7.9EPSS: 0%CPEs: 14EXPL: 0CVE-2023-45745
https://notcve.org/view.php?id=CVE-2023-45745
16 May 2024 — Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. La validación de entrada incorrecta en algún software de módulo Intel(R) TDX anterior a la versión 1.5.05.46.698 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://security.netapp.com/advisory/ntap-20240621-0003 • CWE-20: Improper Input Validation •
CVSS: 2.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-45733 – intel-microcode: Race conditions in some Intel(R) Processors
https://notcve.org/view.php?id=CVE-2023-45733
16 May 2024 — Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. La lógica del hardware contiene condiciones de ejecución en algunos procesadores Intel(R) que pueden permitir que un usuario autenticado permita potencialmente la divulgación parcial de información a través del acceso local. A flaw was found in intel-microcode. The hardware logic contains race conditions in some Intel(R) processors that ma... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1298: Hardware Logic Contains Race Conditions •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-46103 – intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors
https://notcve.org/view.php?id=CVE-2023-46103
16 May 2024 — Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. La secuencia de instrucciones del procesador genera un comportamiento inesperado en los procesadores Intel(R) Core(TM) Ultra que pueden permitir que un usuario autenticado habilite potencialmente la denegación de servicio a través del acceso local. A flaw was found in intel-microcode. The sequence of processor instruct... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html • CWE-400: Uncontrolled Resource Consumption CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior •
CVSS: 6.3EPSS: 0%CPEs: 25EXPL: 1CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
16 May 2024 — Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Artifex Ghostscript anterior a 10.03.1 permite la corrupción de la memoria y una omisión MÁS SEGURA de la sandbox mediante la inyección de cadena de formato con un dispositivo uniprint. A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands a... • https://github.com/swsmith2391/CVE-2024-29510 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2024-33869 – ghostscript: path traversal and command execution due to path reduction
https://notcve.org/view.php?id=CVE-2024-33869
16 May 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. A flaw was found in Ghostscript. • https://bugs.ghostscript.com/show_bug.cgi?id=707691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0CVE-2024-33870 – ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
https://notcve.org/view.php?id=CVE-2024-33870
16 May 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. • https://bugs.ghostscript.com/show_bug.cgi?id=707686 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •