CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22269 – VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22269
14 May 2024 — VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. ... VMware Workstation y Fusion contienen una vulnerabilidad de divulgación de información en el dispositivo vbluetooth. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-22266 – VMware Avi Load Balancer updates address multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2024-22266
08 May 2024 — VMware Avi Load Balancer contains an information disclosure vulnerability. ... VMware Avi Load Balancer contiene una vulnerabilidad de divulgación de información. ... VMware Avi Load Balancer contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27066 – virtio: packed: fix unmap leak for indirect desc table
https://notcve.org/view.php?id=CVE-2024-27066
01 May 2024 — This causes the unmap leak. This causes the unmap leak. ... Synchronously, dma info is updated based on use_dma_api judgment This bug does not occur, because no driver use the premapped with indirect. Synchronously, dma info is updated based on use_dma_api judgment This bug does not occur, because no driver use the premapped with indirect. ... This causes the unmap leak. ... • https://git.kernel.org/stable/c/b319940f83c21bb4c1fabffe68a862be879a6193 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26926 – binder: check offset alignment in binder_get_object()
https://notcve.org/view.php?id=CVE-2024-26926
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binde... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26901 – do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
https://notcve.org/view.php?id=CVE-2024-26901
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_t... • https://git.kernel.org/stable/c/990d6c2d7aee921e3bce22b2d6a750fd552262be • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-26805 – netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
https://notcve.org/view.php?id=CVE-2024-26805
04 Apr 2024 — BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_... • https://git.kernel.org/stable/c/1853c949646005b5959c483becde86608f548f24 •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-22248
https://notcve.org/view.php?id=CVE-2024-22248
02 Apr 2024 — VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. VMware SD-WAN Orchestrator contiene una vulnerabilidad de redireccionamiento abierto. • https://www.vmware.com/security/advisories/VMSA-2024-0008.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22256
https://notcve.org/view.php?id=CVE-2024-22256
07 Mar 2024 — VMware Cloud Director contains a partial information disclosure vulnerability. ... VMware Cloud Director contiene una vulnerabilidad de divulgación parcial de información. ... VMware Cloud Director contains a partial information disclosure vulnerability. • https://www.vmware.com/security/advisories/VMSA-2024-0007.html •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-22255 – Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-22255
05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. A malicious actor with administrative access to a virtual machine may be able to exploit this issue ... • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-22251 – Out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-22251
27 Feb 2024 — VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-b... • https://www.vmware.com/security/advisories/VMSA-2024-0005.html • CWE-125: Out-of-bounds Read •