VMware Workstation, VMware Fusion Security Vulnerabilities

VMware Fusion SEoL (7.0.x)

According to its version, VMware Fusion is 7.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware Fusion SEoL (2.0.x)

According to its version, VMware Fusion is 2.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware Fusion SEoL (10.0.x)

According to its version, VMware Fusion is 10.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware Fusion SEoL (4.0.x)

According to its version, VMware Fusion is 4.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

Moderate Photon OS Security Update - PHSA-2024-3.0-0745

Updates of ['linux-aws', 'linux-rt', 'linux-secure', 'linux-esx', 'linux'] packages of Photon OS have been...

VMware Fusion SEoL (8.0.x)

According to its version, VMware Fusion is 8.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities.

3a. Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246) VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range...

Important Photon OS Security Update - PHSA-2024-5.0-0237

Updates of ['tcpdump', 'linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...

VMware Fusion SEoL (3.0.x)

According to its version, VMware Fusion is 3.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

Important Photon OS Security Update - PHSA-2024-4.0-0588

Updates of ['linux-aws', 'linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...

VMware Fusion SEoL (1.0.x)

According to its version, VMware Fusion is 1.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware Fusion SEoL (5.0.x)

According to its version, VMware Fusion is 5.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware Fusion SEoL (12.0.x)

According to its version, VMware Fusion is 12.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware Fusion SEoL (6.0.x)

According to its version, VMware Fusion is 6.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

VMware Fusion SEoL (11.0.x)

According to its version, VMware Fusion is 11.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

Security Bulletin: Vulnerability with OpenJDK, commons-compress and spring-web-5.3.27/spring-web-5.3.32 affect IBM Cloud Object Storage Systems (April 2024v1)

Summary Vulnerability with OpenJDK- [CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20945, CVE-2024-20932, CVE-2024-20919, CVE-2024-20926], commons-compress[ CVE-2024-25710, CVE-2024-26308] , spring-web-5.3.27 [CVE-2024-22243], spring-web-5.3.32[CVE-2024-22259]. This vulnerability has...

Important Photon OS Security Update - PHSA-2024-5.0-0236

Updates of ['ruby'] packages of Photon OS have been...

Important Photon OS Security Update - PHSA-2024-3.0-0744

Updates of ['linux-aws', 'linux-rt', 'linux-secure', 'linux-esx', 'tcpdump', 'linux'] packages of Photon OS have been...

Moderate Photon OS Security Update - PHSA-2024-4.0-0587

Updates of ['tcpdump'] packages of Photon OS have been...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2023-34053

Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details **...

Agenda Ransomware Targets VMWare vCenter & ESXi Servers Globally

Summary: Agenda ransomware, also known as Qilin, active since 2022, targets global victims across industries. Their latest tactic leverages a custom script to infect VMWare environments, potentially crippling virtual machines and causing data loss. Organizations should be aware of this threat and.....

Important Photon OS Security Update - PHSA-2024-4.0-0586

Updates of ['bluez', 'linux-aws', 'python3-cryptography', 'nodejs', 'linux-rt', 'linux-secure', 'linux'] packages of Photon OS have been...

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed.....

CVE-2023-39309

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

CVE-2023-39309

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

CVE-2023-39309 WordPress Avada Builder plugin <= 3.11.1 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

Moderate Photon OS Security Update - PHSA-2024-5.0-0234

Updates of ['nss'] packages of Photon OS have been...

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details ** CVEID: CVE-2023-5764 DESCRIPTION: **Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a...

CVE-2023-39311

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

CVE-2023-39311

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

CVE-2023-39311 WordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...

CVE-2023-39306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through...

CVE-2023-39306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through...

CVE-2023-39306 WordPress Avada Builder plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through...

Important Photon OS Security Update - PHSA-2024-3.0-0743

Updates of ['curl'] packages of Photon OS have been...

Important Photon OS Security Update - PHSA-2024-4.0-0584

Updates of ['linux-aws', 'linux-rt', 'linux-secure', 'file', 'nss', 'linux'] packages of Photon OS have been...

Important Photon OS Security Update - PHSA-2024-4.0-0585

Updates of ['curl'] packages of Photon OS have been...

Important Photon OS Security Update - PHSA-2024-5.0-0233

Updates of ['curl'] packages of Photon OS have been...

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi...

VMware ESXi 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0016)

The version of VMware ESXi installed on the remote host is prior to 6.7 P07, or 7.x prior to 7.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2022-0016 advisory: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow...

Important Photon OS Security Update - PHSA-2024-3.0-0742

Updates of ['linux-aws', 'linux-rt', 'linux-secure', 'linux-esx', 'linux'] packages of Photon OS have been...

Moderate Photon OS Security Update - PHSA-2024-5.0-0232

Updates of ['linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 and the team has added many new features and improvements since then. For news reporters, please reach out to [email protected]. Kerberos Improvements...

Important Photon OS Security Update - PHSA-2024-5.0-0231

Updates of ['python3-cryptography', 'bluez'] packages of Photon OS have been...

Moderate Photon OS Security Update - PHSA-2024-3.0-0741

Updates of ['bluez'] packages of Photon OS have been...

Moderate Photon OS Security Update - PHSA-2024-5.0-0230

Updates of ['linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...

Security Bulletin: Vulnerabilities Spring Boot, Spring Security and Spring Framework might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Spring Boot, Spring Security, and Spring Framework. An attacker could exploit these vulnerabilities to cause a denial of service condition, to take over the application, to launch further attacks on the system, to...

Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details ** CVEID:...

Important Photon OS Security Update - PHSA-2024-5.0-0229

Updates of ['expat'] packages of Photon OS have been...

Important Photon OS Security Update - PHSA-2024-3.0-0740

Updates of ['linux-aws', 'linux-rt', 'linux-secure', 'linux-esx', 'linux'] packages of Photon OS have been...