VMware Workstation, VMware Fusion Security Vulnerabilities

Important Photon OS Security Update - PHSA-2024-4.0-0582

Updates of ['expat'] packages of Photon OS have been...

VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...

Making Sense of Operational Technology Attacks: The Past, Present, and Future

When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would...

RHEL 7 : go-toolset-1.19-golang (RHSA-2024:1468)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1468 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...

Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...

CVE-2024-22258 CVE-2024-22258: PKCE Downgrade in Spring Authorization Server

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An.....

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Spring Framework (CVE-2023-34053)

Summary A denial of service vulnerability in Spring Framework used by IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-34053 DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw when the application uses...

Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload...

Moderate Photon OS Security Update - PHSA-2024-3.0-0739

Updates of ['nss'] packages of Photon OS have been...

WP Fusion Lite < 3.42.10 - Authenticated (Contributor+) Remote Code Execution

Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.41.24. This makes it possible for authenticated attackers, with contributor-level access and above, to execute....

Important Photon OS Security Update - PHSA-2024-4.0-0581

Updates of ['expat', 'linux-aws', 'linux-rt', 'linux-secure', 'linux'] packages of Photon OS have been...

Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. PoC...

Important Photon OS Security Update - PHSA-2024-3.0-0738

Updates of ['linux-aws', 'nodejs', 'linux-rt', 'linux-secure', 'linux-esx', 'openvswitch', 'linux'] packages of Photon OS have been...

CVE-2024-22257

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null...

VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Windows

VMware Spring Boot is prone to a server-side request forgery (SSRF) in the used Spring...

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS Input Validation Error Vulnerability

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS are both products of Dell, Inc.Dell PowerEdge Server BIOS is a system update driver from Dell.Dell Precision Rack BIOS is a Dell Precision Rack BIOS is a BIOS utility for high-performance workstation products. An input validation error...

VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Linux

VMware Spring Boot is prone to a server-side request forgery (SSRF) in the used Spring...

RHEL 7 : rh-nodejs14 (RHSA-2024:1354)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1354 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security...

CVE-2024-22259 CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

CVE-2024-22259 CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

Important Photon OS Security Update - PHSA-2024-5.0-0227

Updates of ['linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...

Exploit for CVE-2024-21426

CVE-2024-21426-SharePoint-RCE exploit for CVE-2024-21426...

Mageia: Security Advisory (MGASA-2024-0058)

The remote host is missing an update for...

VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Windows

The VMware Spring Framework is prone to a server-side request forgery (SSRF)...

VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Linux

The VMware Spring Framework is prone to a server-side request forgery (SSRF)...

Updated open-vm-tools packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. (CVE-2023-20867) SAML token signature bypass. (CVE-2023-34058) File descriptor hijack vulnerability in the vmware-user-suid-wrapper....

Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service.

Summary IBM Db2 Web Query for i is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions (CVE-2023-34034 and CVE-2023-44981) and...

VMware Cloud Director 10.4.x, 10.5.x < 10.5.1.1 Partial Information Disclosure (VMSA-2024-0007)

The version of VMware vCloud Director installed on the remote host is 10.4.x or 10.5.x prior to 10.5.1.1. It is, therefore, affected by a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the...

Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws

The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. Only two of the vulnerabilities are rated critical and both of these are found in Windows Hyper-V. Hyper-V is a hardware virtualization product that allows you to run multiple operating systems as virtual...

Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical,.....

Intel 2024.1 IPU - BIOS March 2024 Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors and/or BIOS Firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate this potential...

VMware Cloud Director 10.5 Authentication Bypass

...

Intel 2024.1 IPU - Chipset Software March 2024 Security Update

Intel has informed HP of potential security vulnerabilities in the Intel® Converged Security Management Engine (CSME) installer and Intel® Local Manageability Service software which may allow escalation of privilege or information disclosure. Intel is releasing updates to mitigate these potential.....

Schneider Electric EcoStruxure Power Design

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Design Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution. 3....

Exploit for CVE-2022-21445

Tổng quan CVE-2022-21445 (điểm CVSS 9,8), lỗ hổng là sự giải...

Exploit for CVE-2022-201145

Tổng quan CVE-2022-21445 (điểm CVSS 9,8), lỗ hổng là sự giải...

VMware Cloud Director 10.5 - Bypass identity verification

...

NVIDIA GPU Display Driver February 2024 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure. NVIDIA has released updates to mitigate these vulnerabilities. ...

HP PC BIOS Pre-boot DMA Protection Security Update

A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate...

VMware Cloud Director 10.5 - Bypass identity verification Exploit

...

Ubuntu: Security Advisory (USN-6688-1)

The remote host is missing an update for...

KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024

KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024 REMINDER Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates. Windows...

linux-oem-6.1 vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....

Critical VMware Vulnerabilities Leading To Sandbox Escape

Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by Vmware. These vulnerabilities allow attackers to bypass virtual machines and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and...

A week in security (March 4 &#8211; March 10)

Last week on Malwarebytes Labs: Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix Update now! JetBrains TeamCity vulnerability abused at scale PetSmart warns customers of credential stuffing attack Predator spyware vendor banned in US ALPHV ransomware gang fakes...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

Linux kernel (OEM) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-oem-6.1 - Linux kernel for OEM systems Details Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker...

RHEL 7 : rhc-worker-script (RHSA-2024:1244)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1244 advisory. The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts...

Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix

VMWare has issued secuity fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached thier end-of-life, meaning they would normally no longer be supported. This flaws...