CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20865
https://notcve.org/view.php?id=CVE-2023-20865
20 Apr 2023 — VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20873 – spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry
https://notcve.org/view.php?id=CVE-2023-20873
20 Apr 2023 — In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. • https://security.netapp.com/advisory/ntap-20230601-0009 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 0CVE-2023-20864 – VMware Aria Operations for Logs Cluster Controller Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-20864
20 Apr 2023 — VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InternalClusterController class. The issue results from the lack of pro... • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20862 – spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout
https://notcve.org/view.php?id=CVE-2023-20862
19 Apr 2023 — In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to ... • https://security.netapp.com/advisory/ntap-20230526-0002 • CWE-459: Incomplete Cleanup •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20863 – springframework: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20863
13 Apr 2023 — In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server. This release of Camel for Spring Boot 3.20.1 serv... • https://security.netapp.com/advisory/ntap-20240524-0015 • CWE-400: Uncontrolled Resource Consumption CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20866
https://notcve.org/view.php?id=CVE-2023-20866
13 Apr 2023 — In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. • https://spring.io/security/cve-2023-20866 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0198 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0198
01 Apr 2023 — NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0197
https://notcve.org/view.php?id=CVE-2023-0197
01 Apr 2023 — NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0192
https://notcve.org/view.php?id=CVE-2023-0192
01 Apr 2023 — NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-0191 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0191
01 Apr 2023 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •