CVE-2023-0181
https://notcve.org/view.php?id=CVE-2023-0181
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 https://security.gentoo.org/glsa/202310-02 • CWE-276: Incorrect Default Permissions CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVE-2023-0180
https://notcve.org/view.php?id=CVE-2023-0180
NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 https://security.gentoo.org/glsa/202310-02 • CWE-125: Out-of-bounds Read •
CVE-2023-20860 – springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
https://notcve.org/view.php?id=CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern. • https://github.com/limo520/CVE-2023-20860 https://security.netapp.com/advisory/ntap-20230505-0006 https://spring.io/security/cve-2023-20860 https://access.redhat.com/security/cve/CVE-2023-20860 https://bugzilla.redhat.com/show_bug.cgi?id=2180528 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols •
CVE-2023-20861 – springframework: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS). • https://security.netapp.com/advisory/ntap-20230420-0007 https://spring.io/security/cve-2023-20861 https://access.redhat.com/security/cve/CVE-2023-20861 https://bugzilla.redhat.com/show_bug.cgi?id=2180530 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-20859
https://notcve.org/view.php?id=CVE-2023-20859
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. • https://spring.io/security/cve-2023-20859 • CWE-532: Insertion of Sensitive Information into Log File •