CVSS: 7.1EPSS: 4%CPEs: -EXPL: 0CVE-2025-22226 – VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-22226
04 Mar 2025 — VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be abl... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 • CWE-125: Out-of-bounds Read •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22222 – VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)
https://notcve.org/view.php?id=CVE-2025-22222
30 Jan 2025 — VMware Aria Operations contains an information disclosure vulnerability. ... VMware Aria Operations contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-22218 – VMware Aria Operations for Logs information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-22218
30 Jan 2025 — VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMwa... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38320 – IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure
https://notcve.org/view.php?id=CVE-2024-38320
27 Jan 2025 — IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly... • https://www.ibm.com/support/pages/node/7173462 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57912 – iio: pressure: zpa2326: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57912
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local ... • https://git.kernel.org/stable/c/03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57911 – iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57911
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information... • https://git.kernel.org/stable/c/415f792447572ef1949a3cef5119bbce8cc66373 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57910 – iio: light: vcnl4035: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57910
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to ... • https://git.kernel.org/stable/c/da8ef748fec2d55db0ae424ab40eee0c737564aa •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57908 – iio: imu: kmx61: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57908
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is u... • https://git.kernel.org/stable/c/c3a23ecc0901f624b681bbfbc4829766c5aa3070 •
CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38829 – Spring LDAP sensitive data exposure for case-sensitive comparisons
https://notcve.org/view.php?id=CVE-2024-38829
04 Dec 2024 — A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 Una v... • https://spring.io/security/cve-2024-38829 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49975 – uprobes: fix kernel info leak via "[uprobes]" vma
https://notcve.org/view.php?id=CVE-2024-49975
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. ... • https://git.kernel.org/stable/c/d4b3b6384f98f8692ad0209891ccdbc7e78bbefe •