Vmware: Security Vulnerabilities
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
CVSS Score
7.5
EPSS Score
0.015
Published
2024-01-22
Aria Automation contains a Missing Access Control vulnerability.
An authenticated malicious actor may
exploit this vulnerability leading to unauthorized access to remote
organizations and workflows.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-01-16
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
CVSS Score
7.8
EPSS Score
0.135
Published
2023-12-13
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
CVSS Score
4.6
EPSS Score
0.0
Published
2023-12-12
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* org.springframework.boot:spring-boot-actuator is on the classpath
CVSS Score
5.3
EPSS Score
0.003
Published
2023-11-28
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* io.micrometer:micrometer-core is on the classpath
* an ObservationRegistry is configured in the application to record observations
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
CVSS Score
5.3
EPSS Score
0.006
Published
2023-11-28
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from
an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login
restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider
and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).
CVSS Score
9.8
EPSS Score
0.001
Published
2023-11-14
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-11-02
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-02
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-11-02