VUMETRIC
CYBER PORTAL
Vulnerabilities > Fedoraproject > Fedora > 38
DATE
CVE
VULNERABILITY TITLE
RISK
2023-08-15
CVE-2023-32004
Path Traversal vulnerability in multiple products
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model.
network
low complexity
nodejs
fedoraproject
CWE-22
8.8
8.8
2023-08-15
CVE-2023-32006
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
network
low complexity
nodejs
fedoraproject
8.8
8.8
2023-08-14
CVE-2023-4322
Out-of-bounds Write vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
network
low complexity
radare
fedoraproject
CWE-787
critical
9.8
9.8
2023-08-11
CVE-2023-3823
XXE vulnerability in multiple products
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded.
network
low complexity
php
fedoraproject
debian
CWE-611
7.5
7.5
2023-08-11
CVE-2023-3824
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.
network
low complexity
php
fedoraproject
debian
CWE-119
critical
9.8
9.8
2023-08-11
CVE-2022-27635
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel
fedoraproject
debian
6.7
6.7
2023-08-11
CVE-2022-36351
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
low complexity
intel
fedoraproject
debian
6.5
6.5
2023-08-11
CVE-2022-38076
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel
fedoraproject
debian
7.8
7.8
2023-08-11
CVE-2022-40964
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel
fedoraproject
debian
6.7
6.7
2023-08-11
CVE-2022-41804
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
debian
fedoraproject
intel
6.7
6.7