Lucene search

K

VMware Workstation, VMware Fusion Security Vulnerabilities

cve
cve

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

7.4AI Score

EPSS

2024-06-25 03:15 PM
2
cve
cve

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...

6.8CVSS

6.7AI Score

EPSS

2024-06-25 03:15 PM
2
nvd
nvd

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...

6.8CVSS

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service...

5.3CVSS

6.9AI Score

EPSS

2024-06-25 03:15 PM
2
nvd
nvd

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

EPSS

2024-06-25 03:15 PM
6
cvelist
cvelist

CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service...

5.3CVSS

EPSS

2024-06-25 02:16 PM
cvelist
cvelist

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...

6.8CVSS

EPSS

2024-06-25 02:16 PM
1
cvelist
cvelist

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

EPSS

2024-06-25 02:16 PM
2
nvd
nvd

CVE-2024-22385

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

0.0004EPSS

2024-06-25 02:15 AM
2
cve
cve

CVE-2024-22385

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-25 02:15 AM
6
cvelist
cvelist

CVE-2024-22385 File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

0.0004EPSS

2024-06-25 01:34 AM
2
vulnrichment
vulnrichment

CVE-2024-22385 File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

6.9AI Score

0.0004EPSS

2024-06-25 01:34 AM
malwarebytes
malwarebytes

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,.....

7.6AI Score

2024-06-24 07:07 AM
4
photon
photon

Critical Photon OS Security Update - PHSA-2024-4.0-0637

Updates of ['go', 'openssl'] packages of Photon OS have been...

9.8CVSS

10AI Score

EPSS

2024-06-24 12:00 AM
photon
photon

Moderate Photon OS Security Update - PHSA-2024-4.0-0638

Updates of ['libssh2', 'nginx'] packages of Photon OS have been...

9.8CVSS

9.7AI Score

0.963EPSS

2024-06-24 12:00 AM
photon
photon

Critical Photon OS Security Update - PHSA-2024-5.0-0302

Updates of ['go', 'nginx'] packages of Photon OS have been...

9.8CVSS

9.6AI Score

0.001EPSS

2024-06-24 12:00 AM
hp
hp

AMD Client UEFI – Cross-Process Information Leak

AMD has informed HP of a potential security vulnerability identified in some AMD client processors, which might allow information disclosure. AMD released firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has identified...

5.5CVSS

7AI Score

0.001EPSS

2024-06-24 12:00 AM
ibm
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243)

Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-21 03:14 PM
4
photon
photon

Important Photon OS Security Update - PHSA-2024-5.0-0300

Updates of ['libndp'] packages of Photon OS have been...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-21 12:00 AM
photon
photon

Important Photon OS Security Update - PHSA-2024-4.0-0636

Updates of ['libndp', 'nodejs'] packages of Photon OS have been...

9.8CVSS

9.6AI Score

0.001EPSS

2024-06-21 12:00 AM
photon
photon

Important Photon OS Security Update - PHSA-2024-5.0-0301

Updates of ['libarchive', 'openssl'] packages of Photon OS have been...

9.8CVSS

10AI Score

EPSS

2024-06-21 12:00 AM
ibm
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...

7.5CVSS

7.8AI Score

0.0005EPSS

2024-06-20 06:49 PM
4
ibm
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...

7.5CVSS

7.8AI Score

0.0005EPSS

2024-06-20 06:41 PM
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22259]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder [CVE-2024-22259]. VMware Tanzu Spring Framework is used in our Speech Microservices. This...

8.1CVSS

6.3AI Score

0.0004EPSS

2024-06-20 06:17 PM
2
nessus
nessus

RHEL 7 : thunderbird (RHSA-2024:4016)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
githubexploit
githubexploit

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

CVE-2022-22947 A code injection attack on spring cloud...

10CVSS

7.4AI Score

0.975EPSS

2024-06-19 03:31 PM
148
cve
cve

CVE-2024-22263

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-19 03:15 PM
29
thn
thn

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...

9.8CVSS

8AI Score

0.321EPSS

2024-06-19 03:09 PM
33
cvelist
cvelist

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS

0.0004EPSS

2024-06-19 02:48 PM
5
vulnrichment
vulnrichment

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS

7AI Score

0.0004EPSS

2024-06-19 02:48 PM
hackread
hackread

Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities

Critical security vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) found in VMware vCenter Server! Patch immediately to safeguard virtual environments from remote code execution & privilege escalation...

9.8CVSS

8.3AI Score

0.0004EPSS

2024-06-19 02:39 PM
6
cve
cve

CVE-2024-38329

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...

7.7CVSS

7.2AI Score

0.0004EPSS

2024-06-19 02:15 PM
30
nvd
nvd

CVE-2023-39310

Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-19 02:15 PM
2
cve
cve

CVE-2023-39310

Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-19 02:15 PM
21
nvd
nvd

CVE-2024-38329

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...

7.7CVSS

0.0004EPSS

2024-06-19 02:15 PM
2
vulnrichment
vulnrichment

CVE-2023-39310 WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-19 02:07 PM
cvelist
cvelist

CVE-2023-39310 WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-19 02:07 PM
2
vulnrichment
vulnrichment

CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...

7.7CVSS

7.2AI Score

0.0004EPSS

2024-06-19 01:43 PM
cvelist
cvelist

CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...

7.7CVSS

0.0004EPSS

2024-06-19 01:43 PM
2
nvd
nvd

CVE-2024-5649

The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

5.4CVSS

0.0004EPSS

2024-06-19 04:15 AM
4
cve
cve

CVE-2024-5649

The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

5.4CVSS

5.7AI Score

0.0004EPSS

2024-06-19 04:15 AM
23
cvelist
cvelist

CVE-2024-5649 Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection

The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

5.4CVSS

0.0004EPSS

2024-06-19 03:12 AM
3
nessus
nessus

VMware vCenter Server 7.0 < 7.0U3r / 8.0 < 8.0U2d Multiple Vulnerabilities (VMSA-2024-0012)

The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3r, or 8.0 prior to 8.0U2d. It is, therefore, affected by a partial information disclosure vulnerability as referenced in the VMSA-2024-0012 advisory: The vCenter Server contains multiple heap-overflow...

9.8CVSS

6.9AI Score

0.0004EPSS

2024-06-19 12:00 AM
5
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

9.8CVSS

10AI Score

0.003EPSS

2024-06-18 09:04 PM
2
thn
thn

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) -...

9.8CVSS

8.7AI Score

0.044EPSS

2024-06-18 08:24 AM
32
cve
cve

CVE-2024-37079

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...

9.8CVSS

7.7AI Score

0.0004EPSS

2024-06-18 06:15 AM
79
cve
cve

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server...

7.8CVSS

7.3AI Score

0.0004EPSS

2024-06-18 06:15 AM
41
cve
cve

CVE-2024-37080

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...

9.8CVSS

7.7AI Score

0.0004EPSS

2024-06-18 06:15 AM
52
vulnrichment
vulnrichment

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server...

7.8CVSS

7.4AI Score

0.0004EPSS

2024-06-18 05:43 AM
7
Total number of security vulnerabilities33768