201 matches found

NVD
added 2024/12/04 9:15 p.m. (59 views)

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

CVSS 3.7, EPSS 0.00376
Exploits: 0, References: 1
OSV
added 2024/12/04 9:15 p.m. (21 views)

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

CVSS 3.7, AI score 6.5, EPSS 0.00376
Exploits: 0, References: 1
Vulnrichment
added 2024/12/04 9:6 p.m. (23 views)

CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

CVSS 3.7, AI score 3.8, EPSS 0.00376
Exploits: 0, References: 1
Debian CVE
added 2024/12/04 9:6 p.m. (25 views)

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

CVSS 3.7, AI score 4.9, EPSS 0.00376
Exploits: 0
Cvelist
added 2024/12/04 9:6 p.m. (35 views)

CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

CVSS 3.7, EPSS 0.00376
Exploits: 0, References: 1
CVE
added 2024/12/04 9:6 p.m. (326 views)

CVE-2024-38829

CVE-2024-38829 is described as a vulnerability in Spring LDAP that enables data exposure due to case-sensitive comparisons. The issue affects Spring LDAP versions ranging from the earliest releases up to 2.4.3, and then 3.0.0–3.0.9, 3.1.0–3.1.7, and 3.2.0–3.2.7, including all versions prior to 2....

CVSS 3.7, AI score 3.8, EPSS 0.00376
Exploits: 0, References: 1
CNNVD
added 2024/12/04 12:0 a.m. (5 views)

VMware Tanzu Spring LDAP Security Vulnerability

VMware Tanzu Spring LDAP is a library from VMware that simplifies LDAP programming in Java. A security vulnerability exists in VMware Tanzu Spring LDAP that originates from allowing data to be exposed in case-sensitive comparisons...

CVSS 3.7, AI score 5.8, EPSS 0.00376
Exploits: 0, References: 2
Github Security Blog
added 2024/12/02 3:31 p.m. (111 views)

Spring Framework has Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

CVSS 4.8, AI score 6.8, EPSS 0.00385
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2024/12/02 2:32 p.m. (51 views)

CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

CVSS 4.8, EPSS 0.00385
Exploits: 0, References: 1
OpenVAS
added 2024/10/22 12:0 a.m. (58 views)

VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Linux

The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 7.9, EPSS 0.54862
Exploits: 7, References: 4
OpenVAS
added 2024/10/22 12:0 a.m. (36 views)

VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Windows

The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 7.9, EPSS 0.54862
Exploits: 7, References: 4
Github Security Blog
added 2024/10/18 6:30 a.m. (156 views)

Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

CVSS 5.3, AI score 6.6, EPSS 0.00631
Exploits: 1, References: 6, Affected Software: 2
Vulnrichment
added 2024/10/18 5:39 a.m. (34 views)

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

CVSS 3.1, AI score 6.7, EPSS 0.00631
Exploits: 1, References: 1
CVE
added 2024/10/18 5:39 a.m. (437 views)

CVE-2024-38820

The CVE-2024-38820 issue concerns Spring Framework DataBinder: lowercase conversion for disallowedFields and request parameter names was made locale-independent, but locale-dependent edge cases in String.toLowerCase() can still bypass the checks. Affected products/versions from linked advisories ...

CVSS 5.3, AI score 3.9, EPSS 0.00631
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2024/10/18 5:39 a.m. (53 views)

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

CVSS 3.1, EPSS 0.00631
Exploits: 1, References: 1
CNNVD
added 2024/10/18 12:0 a.m. (4 views)

VMware Spring Framework Security Vulnerability

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from case-sensitive matching exceptions that could cause fields to...

CVSS 5.3, AI score 6.1, EPSS 0.00631
Exploits: 1, References: 4
GithubExploit
added 2024/05/18 11:23 a.m. (80 views)

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE POC A POC for CVE-2024-32002 demonstrating...

CVSS 9, AI score 8.3, EPSS 0.25334
Exploits: 32
Veracode
added 2023/10/18 5:20 a.m. (32 views)

Information Disclosure

Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to the sensitive_config_values function in configuration.py failing to check for sensitive configurations using case-sensitive matches. This allows an attacker to retrieve sensitive data by exploiting case mismatches,...

CVSS 4.3, AI score 6.7, EPSS 0.01232
Exploits: 0, References: 4, Affected Software: 1
UbuntuCve
added 2023/10/15 7:15 p.m. (31 views)

CVE-2018-25091

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...

CVSS 6.1, AI score 6.8, EPSS 0.00512
Exploits: 0, References: 6
Tenable Nessus
added 2023/09/18 12:0 a.m. (36 views)

Oracle Linux 9 : istio (ELSA-2023-12771)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12771 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 -...

CVSS 9.8, AI score 6.8, EPSS 0.00735
Exploits: 3, References: 5