CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2023-4387 – Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()
https://notcve.org/view.php?id=CVE-2023-4387
16 Aug 2023 — A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Se encontró una falla de use-after-free en vmxnet3_rq_alloc_rx_buf en drivers/net/vmxnet3/vmxnet3_drv.c en el controlador NIC Ethernet vmxnet3 de VM... • https://access.redhat.com/security/cve/CVE-2023-4387 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39250
https://notcve.org/view.php?id=CVE-2023-39250
16 Aug 2023 — Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. ... Las versiones Dell Storage Integration Tools para VMware (DSITV) y Dell Storage vSphere Client Plugin (DSVCP) anteriores a la 6.1.1 y Replay Manager para las versiones VMware (RMSV) anteriores a la 3.1.2 contienen una vulnerabilidad de... • https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities • CWE-540: Inclusion of Sensitive Information in Source Code CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34038
https://notcve.org/view.php?id=CVE-2023-34038
04 Aug 2023 — VMware Horizon Server contains an information disclosure vulnerability. ... VMware Horizon Server contiene una vulnerabilidad de divulgación de información. • https://www.vmware.com/security/advisories/VMSA-2023-0017.html •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20891 – VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-20891
26 Jul 2023 — The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. ... The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. • https://www.vmware.com/security/advisories/VMSA-2023-0016.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2023-34034 – spring-security-webflux: path wildcard leads to security bypass
https://notcve.org/view.php?id=CVE-2023-34034
19 Jul 2023 — A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of functionality outside the user's permissions, or denial of service. • https://github.com/hotblac/cve-2023-34034 • CWE-145: Improper Neutralization of Section Delimiters CWE-281: Improper Preservation of Permissions •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25517
https://notcve.org/view.php?id=CVE-2023-25517
03 Jul 2023 — NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 24%CPEs: 1EXPL: 0CVE-2023-20889 – VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20889
07 Jun 2023 — Aria Operations for Networks contains an information disclosure vulnerability. Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulti... • https://www.vmware.com/security/advisories/VMSA-2023-0012.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20884
https://notcve.org/view.php?id=CVE-2023-20884
30 May 2023 — VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled ... • https://www.vmware.com/security/advisories/VMSA-2023-0011.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20870 – VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20870
25 Apr 2023 — VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. • https://www.vmware.com/security/advisories/VMSA-2023-0008.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0198 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2023-0198
01 Apr 2023 — NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •