
CVE-2023-34064 – Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34064
12 Dec 2023 — Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. Workspace ONE Launcher c... • https://www.vmware.com/security/advisories/VMSA-2023-0027.html •

CVE-2023-34055 – Spring Boot server Web Observations DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-34055
28 Nov 2023 — In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0 - 3.0.12 and 3.1.0 - 3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* org.springframework.boot:spring-boot-actuator is on the classpath
• https://security.netapp.com/advisory/ntap-20231221-0010 • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-34053 – Spring Framework server Web Observations DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-34053
28 Nov 2023 — In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* io.micrometer:micrometer-core is on the classpath
* an ObservationRegistry is configured in the application to record observations
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-... • https://security.netapp.com/advisory/ntap-20231214-0007 •

CVE-2023-34060 – VMware Cloud Director 10.5 Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-34060
14 Nov 2023 — VMware Cloud Director Appliance contains an authentication bypass vulnerability if VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Direct... • https://packetstorm.news/files/id/177554 • CWE-306: Missing Authentication for Critical Function •

CVE-2023-31026
https://notcve.org/view.php?id=CVE-2023-31026
02 Nov 2023 — NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •

CVE-2023-31022 – Gentoo Linux Security Advisory 202405-28
https://notcve.org/view.php?id=CVE-2023-31022
02 Nov 2023 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 4... • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •

CVE-2023-31021
https://notcve.org/view.php?id=CVE-2023-31021
02 Nov 2023 — NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •

CVE-2023-31018
https://notcve.org/view.php?id=CVE-2023-31018
02 Nov 2023 — NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •

CVE-2023-20886
https://notcve.org/view.php?id=CVE-2023-20886
31 Oct 2023 — VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to log in as the victim user. • https://www.vmware.com/security/advisories/VMSA-2023-0025.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-34059 – open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper
https://notcve.org/view.php?id=CVE-2023-34059
27 Oct 2023 — open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. A flaw was found... • http://www.openwall.com/lists/oss-security/2023/10/27/2 • CWE-266: Incorrect Privilege Assignment CWE-404: Improper Resource Shutdown or Release •