Page 16 of 880 results (0.008 seconds)

CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3. A flaw was found in Spring Security. • https://security.netapp.com/advisory/ntap-20230526-0002 https://spring.io/security/cve-2023-20862 https://access.redhat.com/security/cve/CVE-2023-20862 https://bugzilla.redhat.com/show_bug.cgi?id=2227788 • CWE-459: Incomplete Cleanup •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server. • https://security.netapp.com/advisory/ntap-20240524-0015 https://spring.io/security/cve-2023-20863 https://access.redhat.com/security/cve/CVE-2023-20863 https://bugzilla.redhat.com/show_bug.cgi?id=2187742 • CWE-400: Uncontrolled Resource Consumption CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. • https://spring.io/security/cve-2023-20866 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 https://security.gentoo.org/glsa/202310-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-476: NULL Pointer Dereference •