
CVE-2024-38831 – Local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-38831
26 Nov 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-38830 – Local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-38830
26 Nov 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 • CWE-269: Improper Privilege Management •

CVE-2024-38828 – DoS via Spring MVC controller method with byte[] parameter
https://notcve.org/view.php?id=CVE-2024-38828
18 Nov 2024 — Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. • https://spring.io/security/cve-2024-38828 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-38820 – Spring Framework DataBinder Case Sensitive Match Exception
https://notcve.org/view.php?id=CVE-2024-38820
18 Oct 2024 — The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. • https://spring.io/security/cve-2024-38820 • CWE-178: Improper Handling of Case Sensitivity •

CVE-2024-38814 – VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38814
16 Oct 2024 — An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-38815
https://notcve.org/view.php?id=CVE-2024-38815
09 Oct 2024 — VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-38818
https://notcve.org/view.php?id=CVE-2024-38818
09 Oct 2024 — VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-269: Improper Privilege Management •

CVE-2024-38817
https://notcve.org/view.php?id=CVE-2024-38817
09 Oct 2024 — VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-38809 – org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
https://notcve.org/view.php?id=CVE-2024-38809
27 Sep 2024 — Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter. A flaw was found in the Spring Web (org.springframework:spring-web) package. Due to improper ETag prefix validation when the application parses ETags from the `If-Match` or `If-None-Match` requ... • https://spring.io/security/cve-2024-38809 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
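The advisory's suggested mitigation for unsupported versions is a size limit on the If-Match and If-None-Match headers, applied in a Filter before the ETag parsing code runs. The following is an added example, not Spring's code: a Go net/http middleware that plays the role of that Filter, paired with a single-pass ETag list parser that rejects a malformed W/ or quote prefix outright rather than backtracking over it. The 1024-byte limit, the request path and the header values are constructed for the example; the parser assumes ETags do not contain commas, which is enough for the validators most applications emit.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxConditionalHeaderBytes is an assumed limit; real ETag lists are short.
const maxConditionalHeaderBytes = 1024

// conditionalHeaderTooLarge reports whether the combined length of all
// If-Match or all If-None-Match header lines exceeds limit.
func conditionalHeaderTooLarge(h http.Header, limit int) bool {
	for _, name := range []string{"If-Match", "If-None-Match"} {
		total := 0
		for _, v := range h.Values(name) {
			total += len(v)
		}
		if total > limit {
			return true
		}
	}
	return false
}

// limitConditionalHeaders is the Filter analogue: it rejects oversized
// conditional headers with 431 before the wrapped handler parses them.
func limitConditionalHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if conditionalHeaderTooLarge(r.Header, maxConditionalHeaderBytes) {
			http.Error(w, "conditional header too large", http.StatusRequestHeaderFieldsTooLarge)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// parseETagList parses an If-Match/If-None-Match value: "*" or a
// comma-separated list of quoted ETags, each optionally prefixed with W/.
// It does one pass over the input and fails on the first malformed entry.
func parseETagList(v string) ([]string, error) {
	v = strings.TrimSpace(v)
	if v == "*" {
		return []string{"*"}, nil
	}
	var tags []string
	for _, part := range strings.Split(v, ",") {
		part = strings.TrimSpace(part)
		if part == "" {
			continue
		}
		body := strings.TrimPrefix(part, "W/")
		if len(body) < 2 || body[0] != '"' || body[len(body)-1] != '"' {
			return nil, fmt.Errorf("malformed ETag %q", part)
		}
		if strings.ContainsRune(body[1:len(body)-1], '"') {
			return nil, fmt.Errorf("malformed ETag %q", part)
		}
		tags = append(tags, part)
	}
	return tags, nil
}

// statusFor sends a constructed GET with the given If-None-Match value through
// the middleware and a handler that parses the header, and returns the status.
func statusFor(headerValue string) int {
	parseHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, err := parseETagList(r.Header.Get("If-None-Match")); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, "/resource", nil)
	req.Header.Set("If-None-Match", headerValue)
	rec := httptest.NewRecorder()
	limitConditionalHeaders(parseHandler).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(`W/"abc", "def"`))             // well-formed list
	fmt.Println(statusFor(`"unterminated`))              // malformed prefix/quote
	fmt.Println(statusFor(strings.Repeat(`"x",`, 1000))) // over the size limit
}
```

The size check runs on the raw header bytes and costs nothing beyond a length sum, so it bounds the work of whatever parser sits behind it; that is the property a Filter-based mitigation needs, independent of how the framework's own ETag matching is implemented.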

CVE-2024-38813 – VMware vCenter Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-38813
17 Sep 2024 — The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. VMware vCenter contains an improper check for drop... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 • CWE-250: Execution with Unnecessary Privileges CWE-273: Improper Check for Dropped Privileges •