CVE-2023-20868
https://notcve.org/view.php?id=CVE-2023-20868
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. • https://www.vmware.com/security/advisories/VMSA-2023-0010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-20883 – spring-boot: Spring Boot Welcome Page DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20883
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled, the application to use Spring Boot's welcome page support (either static or templated), and the application to be deployed behind a proxy that caches 404 responses. This issue may result in a denial of service (DoS). • https://security.netapp.com/advisory/ntap-20230703-0008 https://spring.io/security/cve-2023-20883 https://access.redhat.com/security/cve/CVE-2023-20883 https://bugzilla.redhat.com/show_bug.cgi?id=2209342 • CWE-400: Uncontrolled Resource Consumption
CVE-2023-31131 – Arbitrary File Write when Extracting Tarballs in greenplum-db
https://notcve.org/view.php?id=CVE-2023-31131
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3, Greenplum Database used unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files, potentially leading to a crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. • https://github.com/greenplum-db/gpdb/commit/1ec4affbba7c9745f64edbd80a6680ad29b09471 https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-20879
https://notcve.org/view.php?id=CVE-2023-20879
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html
CVE-2023-20878
https://notcve.org/view.php?id=CVE-2023-20878
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-502: Deserialization of Untrusted Data