
CVSS: 3.7 • EPSS: 0% • CPEs: 5 • EXPL: 0

04 Dec 2024 — A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case-sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale-dependent exceptions that could potentially result in unintended columns being queried. Related to CVE-2024-38820: https://spring.io/security/cve-2024-38820 ... • https://spring.io/security/cve-2024-38829 • CWE-178: Improper Handling of Case Sensitivity •

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

09 Oct 2024 — VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker-controlled domain, leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 1

02 Sep 2024 — This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). ... • https://github.com/Abdurahmon3236/CVE-2024-44947 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

29 Jul 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 May 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/86da71b57383d40993cb90baafb3735cffe5d800 •

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 May 2024 — VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. ... This vulnerability allows local attackers to disclose ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 May 2024 — VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

08 May 2024 — VMware Avi Load Balancer contains an information disclosure vulnerability. ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

01 May 2024 — This causes the unmap leak. ... Synchronously, dma info is updated based on use_dma_api judgment. This bug does not occur, because no driver use the premapped with indirect. ... • https://git.kernel.org/stable/c/b319940f83c21bb4c1fabffe68a862be879a6193 •

CVSS: 4.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. ... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •