CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 1CVE-2023-3823 – Security issue with external entity loading in XML without enabling it
https://notcve.org/view.php?id=CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. • https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/security/cve/CVE-2023-3823 https://bugzilla.redhat.com/show_bug.cgi?id=2229396 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.2EPSS: 0%CPEs: 383EXPL: 0CVE-2022-41804
https://notcve.org/view.php?id=CVE-2022-41804
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. La inyección de errores no autorizada en Intel(R) SGX o Intel(R) TDX para algunos procesadores Intel(R) Xeon(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J https://security.netapp.com/advisory/ntap-20230915-0003 https://www.debian.org/security/2023/dsa-5474 • CWE-1334: Unauthorized Error Injection Can Degrade Hardware Redundancy •
CVSS: 6.0EPSS: 0%CPEs: 414EXPL: 0CVE-2023-23908
https://notcve.org/view.php?id=CVE-2023-23908
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J https://security.netapp.com/advisory/ntap-20230824-0003 https://www.debian.org/security/2023/dsa-5474 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22840
https://notcve.org/view.php?id=CVE-2023-22840
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7RNFPWOSFII2JE2KDRHPLJANZC3YATW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L27GRS7E45IOCZ44VQX2NJ33GVRBWHBS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TULYSWHC3X76AIGGMUSLBTWOXNND6IEV • CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22338
https://notcve.org/view.php?id=CVE-2023-22338
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. Lectura fuera de límites en algunos software GPU Intel(R) oneVPL anteriores a la versión 22.6.5 puede permitir a un usuario autenticado revelar información a través de acceso local. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7RNFPWOSFII2JE2KDRHPLJANZC3YATW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L27GRS7E45IOCZ44VQX2NJ33GVRBWHBS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TULYSWHC3X76AIGGMUSLBTWOXNND6IEV • CWE-125: Out-of-bounds Read •