
CVE-2024-26926 – binder: check offset alignment in binder_get_object()
https://notcve.org/view.php?id=CVE-2024-26926
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •

CVE-2024-26901 – do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
https://notcve.org/view.php?id=CVE-2024-26901
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. • https://git.kernel.org/stable/c/990d6c2d7aee921e3bce22b2d6a750fd552262be • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-908: Use of Uninitialized Resource •

CVE-2024-26805 – netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
https://notcve.org/view.php?id=CVE-2024-26805
04 Apr 2024 — BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_... • https://git.kernel.org/stable/c/1853c949646005b5959c483becde86608f548f24 •

CVE-2024-22248
https://notcve.org/view.php?id=CVE-2024-22248
02 Apr 2024 — VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2024-0008.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2024-22256
https://notcve.org/view.php?id=CVE-2024-22256
07 Mar 2024 — VMware Cloud Director contains a partial information disclosure vulnerability. ... • https://www.vmware.com/security/advisories/VMSA-2024-0007.html •

CVE-2024-22255 – Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-22255
05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-22251 – Out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-22251
27 Feb 2024 — VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2024-0005.html • CWE-125: Out-of-bounds Read •

CVE-2024-22236
https://notcve.org/view.php?id=CVE-2024-22236
31 Jan 2024 — In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. • https://spring.io/security/cve-2024-22236 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-34056 – VMware vCenter Server Partial Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-34056
25 Oct 2023 — vCenter Server contains a partial information disclosure vulnerability. ... A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •

CVE-2023-34044 – Information disclosure vulnerability in bluetooth device-sharing functionality
https://notcve.org/view.php?id=CVE-2023-34044
20 Oct 2023 — VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. ... • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-125: Out-of-bounds Read •