
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

31 Jan 2024 — In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. • https://spring.io/security/cve-2024-22236 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 4.3 • EPSS: 0% • CPEs: 38 • EXPL: 0

25 Oct 2023 — vCenter Server contains a partial information disclosure vulnerability. ... A malicious actor with non-administrative privileges to vCenter Server may exploit this issue to access unauthorized data. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

20 Oct 2023 — VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-125: Out-of-bounds Read

CVSS: 7.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

16 Aug 2023 — A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. • https://access.redhat.com/security/cve/CVE-2023-4387 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Aug 2023 — Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. • https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities • CWE-540: Inclusion of Sensitive Information in Source Code • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 5.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

04 Aug 2023 — VMware Horizon Server contains an information disclosure vulnerability. • https://www.vmware.com/security/advisories/VMSA-2023-0017.html

CVSS: 6.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

26 Jul 2023 — The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. • https://www.vmware.com/security/advisories/VMSA-2023-0016.html • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 1

19 Jul 2023 — A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of functionality outside the user's permissions, or denial of service. • https://github.com/hotblac/cve-2023-34034 • CWE-145: Improper Neutralization of Section Delimiters • CWE-281: Improper Preservation of Permissions

CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

03 Jul 2023 — NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-285: Improper Authorization

CVSS: 7.8 • EPSS: 24% • CPEs: 1 • EXPL: 0

07 Jun 2023 — Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. • https://www.vmware.com/security/advisories/VMSA-2023-0012.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')