201 matches found
CVE-2024-38829
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829
CVE-2024-38829 is described as a vulnerability in Spring LDAP that enables data exposure due to case-sensitive comparisons. The issue affects Spring LDAP versions ranging from the earliest releases up to 2.4.3, and then 3.0.0–3.0.9, 3.1.0–3.1.7, and 3.2.0–3.2.7, including all versions prior to 2....
VMware Tanzu Spring LDAP Security Vulnerability
VMware Tanzu Spring LDAP is a library from VMware that simplifies LDAP programming in Java. A security vulnerability exists in VMware Tanzu Spring LDAP that originates from allowing data to be exposed in case-sensitive comparisons...
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Linux
The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Windows
The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
CVE-2024-38820
The CVE-2024-38820 issue concerns Spring Framework DataBinder: lowercase conversion for disallowedFields and request parameter names was made locale-independent, but locale-dependent edge cases in String.toLowerCase() can still bypass the checks. Affected products/versions from linked advisories ...
VMware Spring Framework Security Vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from case-sensitive matching exceptions that could cause fields to...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 RCE POC A POC for CVE-2024-32002 demonstrating...
Information Disclosure
Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to the sensitive_config_values function in configuration.py failing to check for sensitive configurations using case-sensitive matches. This allows an attacker to retrieve sensitive data by exploiting case mismatches,...
CVE-2018-25091
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...
Oracle Linux 9 : istio (ELSA-2023-12771)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12771 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 -...