CVSS: 5.3EPSS: 1%CPEs: 8EXPL: 0CVE-2023-34037
https://notcve.org/view.php?id=CVE-2023-34037
04 Aug 2023 — VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. VMware Horizon Server contiene una vulnerabilidad de contrabando de solicitudes HTTP. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP de contrabando. • https://www.vmware.com/security/advisories/VMSA-2023-0017.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20891 – VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-20891
26 Jul 2023 — The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. The VMware Tanzu Application Service for VM... • https://www.vmware.com/security/advisories/VMSA-2023-0016.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 30%CPEs: 5EXPL: 1CVE-2023-34034 – spring-security-webflux: path wildcard leads to security bypass
https://notcve.org/view.php?id=CVE-2023-34034
19 Jul 2023 — Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of func... • https://github.com/hotblac/cve-2023-34034 • CWE-145: Improper Neutralization of Section Delimiters CWE-281: Improper Preservation of Permissions •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 3CVE-2023-34035
https://notcve.org/view.php?id=CVE-2023-34035
18 Jul 2023 — Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Securi... • https://github.com/mouadk/CVE-2023-34035-Poc • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34036 – Forwarded header exploit with Spring HATEOAS on WebFlux
https://notcve.org/view.php?id=CVE-2023-34036
17 Jul 2023 — Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring W... • https://spring.io/security/cve-2023-34036 • CWE-116: Improper Encoding or Escaping of Output CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20899
https://notcve.org/view.php?id=CVE-2023-20899
06 Jul 2023 — VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. • https://www.vmware.com/security/advisories/VMSA-2023-0015.html • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25517
https://notcve.org/view.php?id=CVE-2023-25517
03 Jul 2023 — NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20896
https://notcve.org/view.php?id=CVE-2023-20896
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an o... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20895
https://notcve.org/view.php?id=CVE-2023-20895
22 Jun 2023 — The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 45%CPEs: 33EXPL: 0CVE-2023-20894
https://notcve.org/view.php?id=CVE-2023-20894
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially craft... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658 • CWE-787: Out-of-bounds Write •