
CVE-2023-0188 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0188
01 Apr 2023 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where improper restriction of operations within the bounds of a memory buffer allows an unprivileged user to cause an out-of-bounds read, which may lead to denial of service. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read •

CVE-2023-0185 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0185
01 Apr 2023 — NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues when casting an unsigned primitive to signed may lead to denial of service or information disclosure. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-196: Unsigned to Signed Conversion Error • CWE-681: Incorrect Conversion between Numeric Types •

CVE-2023-0183 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0183
01 Apr 2023 — NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-787: Out-of-bounds Write •

CVE-2023-0181 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0181
01 Apr 2023 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-276: Incorrect Default Permissions • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2023-0180 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0180
01 Apr 2023 — NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-125: Out-of-bounds Read •

CVE-2023-20860 – springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
https://notcve.org/view.php?id=CVE-2023-20860
27 Mar 2023 — Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern. Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing ... • https://github.com/limo520/CVE-2023-20860 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols •

CVE-2023-20859
https://notcve.org/view.php?id=CVE-2023-20859
23 Mar 2023 — In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. • https://spring.io/security/cve-2023-20859 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2023-20861 – springframework: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20861
23 Mar 2023 — In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS). Red Hat support for Spring Boot provides an application platform that reduces the complexity of develop... • https://security.netapp.com/advisory/ntap-20230420-0007 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-20857 – VMware Security Advisory 2023-0006
https://notcve.org/view.php?id=CVE-2023-20857
28 Feb 2023 — VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a user's rooted device, may be able to bypass the VMware Workspace ONE Content passcode. VMware Workspace ONE Content update addresses a passcode bypass vulnerability. • http://packetstormsecurity.com/files/171158/VMware-Security-Advisory-2023-0006.html • CWE-306: Missing Authentication for Critical Function •

CVE-2023-20855
https://notcve.org/view.php?id=CVE-2023-20855
21 Feb 2023 — VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. • https://www.vmware.com/security/advisories/VMSA-2023-0005.html • CWE-611: Improper Restriction of XML External Entity Reference •