CVE-2024-38829 – Spring LDAP sensitive data exposure for case-sensitive comparisons
https://notcve.org/view.php?id=CVE-2024-38829
04 Dec 2024 — A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 Una v... • https://spring.io/security/cve-2024-38829 • CWE-178: Improper Handling of Case Sensitivity •
CVE-2024-38815
https://notcve.org/view.php?id=CVE-2024-38815
09 Oct 2024 — VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-44947 – fuse: Initialize beyond-EOF page contents before setting uptodate
https://notcve.org/view.php?id=CVE-2024-44947
02 Sep 2024 — This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). ... • https://github.com/Abdurahmon3236/CVE-2024-44947 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVE-2024-42076 – net: can: j1939: Initialize unused data in j1939_send_one()
https://notcve.org/view.php?id=CVE-2024-42076
29 Jul 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVE-2024-35893 – net/sched: act_skbmod: prevent kernel-infoleak
https://notcve.org/view.php?id=CVE-2024-35893
19 May 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/86da71b57383d40993cb90baafb3735cffe5d800 •
CVE-2024-22270 – VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22270
14 May 2024 — VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. ... VMware Workstation y Fusion contienen una vulnerabilidad de divulgación de información en la funcionalidad Host Guest File Sharing (HGFS). ... This vulnerability allows local attackers to disclose ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-22269 – VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22269
14 May 2024 — VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. ... VMware Workstation y Fusion contienen una vulnerabilidad de divulgación de información en el dispositivo vbluetooth. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-22266 – VMware Avi Load Balancer updates address multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2024-22266
08 May 2024 — VMware Avi Load Balancer contains an information disclosure vulnerability. ... VMware Avi Load Balancer contiene una vulnerabilidad de divulgación de información. ... VMware Avi Load Balancer contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219 • CWE-522: Insufficiently Protected Credentials •
CVE-2024-27066 – virtio: packed: fix unmap leak for indirect desc table
https://notcve.org/view.php?id=CVE-2024-27066
01 May 2024 — This causes the unmap leak. This causes the unmap leak. ... Synchronously, dma info is updated based on use_dma_api judgment This bug does not occur, because no driver use the premapped with indirect. Synchronously, dma info is updated based on use_dma_api judgment This bug does not occur, because no driver use the premapped with indirect. ... This causes the unmap leak. ... • https://git.kernel.org/stable/c/b319940f83c21bb4c1fabffe68a862be879a6193 •
CVE-2024-26926 – binder: check offset alignment in binder_get_object()
https://notcve.org/view.php?id=CVE-2024-26926
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binde... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •