VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the...
4.3CVSS
4.2AI Score
0.0004EPSS
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the...
4.3CVSS
4.3AI Score
0.0004EPSS
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the...
4.3CVSS
6.5AI Score
0.0004EPSS
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the...
4.3CVSS
4.6AI Score
0.0004EPSS
Exploit for Server-Side Request Forgery in Fusion Builder Project Fusion Builder
git clone...
9.8CVSS
9.7AI Score
0.222EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0223
Updates of ['python3-cryptography'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Oracle Linux 9 : kernel (ELSA-2024-0461)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0461 advisory. A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the...
8.8CVSS
8.7AI Score
0.024EPSS
VMware ESXi 7.0 / 8.0 Multiple Vulnerabilities (VMSA-2024-0006)
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3p, 8.0 prior to 8.0 Update 1d, or 8.0 prior to 8.0 Update 2b. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2024-0006 advisory: VMware ESXi, Workstation, and Fusion contain a...
9.3CVSS
6.8AI Score
0.0004EPSS
Partial Information Disclosure Vulnerability (CVE-2024-22256) VMware Cloud Director contains a partial information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of...
4.3CVSS
6.5AI Score
0.0004EPSS
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used....
6.6CVSS
7AI Score
0.001EPSS
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might...
5.4CVSS
6.7AI Score
0.001EPSS
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that...
8.8CVSS
7.2AI Score
0.002EPSS
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB...
9.3CVSS
7.9AI Score
0.0004EPSS
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the...
7.9CVSS
8.5AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx...
7.1CVSS
7.5AI Score
0.0004EPSS
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the...
7.9CVSS
8.7AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx...
7.1CVSS
7.7AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
9.3AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
9.5AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
9.5AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
9.3AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
7.5AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
7.5AI Score
0.0004EPSS
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the...
7.9CVSS
6.9AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx...
7.1CVSS
6.2AI Score
0.0004EPSS
CVE-2024-22255 Information disclosure vulnerability
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx...
7.1CVSS
7.3AI Score
0.0004EPSS
CVE-2024-22254 Out-of-bounds write vulnerability
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the...
7.9CVSS
8AI Score
0.0004EPSS
CVE-2024-22253 Use-after-free vulnerability
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
9.7AI Score
0.0004EPSS
CVE-2024-22252 Use-after-free vulnerability
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
9.7AI Score
0.0004EPSS
(RHSA-2024:1155) Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
7.6AI Score
0.001EPSS
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark....
10CVSS
9.4AI Score
0.946EPSS
3a. Use-after-free vulnerability in XHCI USB controller (CVE-2024-22252) VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of.....
9.3CVSS
6.7AI Score
0.0004EPSS
KLA64773 Multiple vulnerabilities in VMware Workstation
Multiple vulnerabilities were found in VMware Workstation. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: Use after free vulnerability in UHCI USB controller can be exploited to execute...
9.3CVSS
8.1AI Score
0.0004EPSS
VMware Fusion 13.0.x < 13.5.1 Multiple Vulnerabilities (VMSA-2024-0006)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.0.x prior to 13.5.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
9.3CVSS
8.2AI Score
0.0004EPSS
3a. Use-after-free vulnerability in XHCI USB controller (CVE-2024-22252) VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of.....
9.3CVSS
7AI Score
0.0004EPSS
VMware Workstation 17.0.x < 17.5.1 Multiple Vulnerabilities (VMSA-2024-0006)
The version of VMware Workstation installed on the remote host is 17.0.x prior to 17.5.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
9.3CVSS
8.3AI Score
0.0004EPSS
RHEL 9 : fence-agents (RHSA-2024:1155)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1155 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
6.1CVSS
7.4AI Score
0.001EPSS
CentOS: Security Advisory for open-vm-tools (CESA-2023:7279)
The remote host is missing an update for...
7.5CVSS
7.4AI Score
0.001EPSS
New Linux Variant of Bifrost RAT Utilizes Deceptive Domain for Evasion
Summary: A new Linux variant of the Bifrost RAT evades detection using a deceptive VMware domain, aiming to compromise systems. This persistent threat spreads through malicious emails and sites, harvesting sensitive data and now includes an ARM version, emphasizing the need for vigilant...
7.1AI Score
Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request...
9.8CVSS
10AI Score
0.059EPSS
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...
9.8CVSS
8.1AI Score
0.975EPSS
openSUSE: Security Advisory for systemd (SUSE-SU-2022:2866-2)
The remote host is missing an update for...
6.5CVSS
6.8AI Score
0.002EPSS
openSUSE: Security Advisory for ignition (SUSE-SU-2022:2349-2)
The remote host is missing an update for...
6.5CVSS
6.8AI Score
0.002EPSS
openSUSE: Security Advisory for open (SUSE-SU-2023:4227-1)
The remote host is missing an update for...
7.5CVSS
7.3AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0221
Updates of ['ruby'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.004EPSS
openSUSE: Security Advisory for zabbix (openSUSE-SU-2023:0191-1)
The remote host is missing an update for...
5.4CVSS
7.6AI Score
0.0005EPSS
openSUSE: Security Advisory for exempi (SUSE-SU-2023:3835-1)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.001EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:2892-1)
The remote host is missing an update for...
7.8CVSS
7.3AI Score
0.001EPSS
New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
By Waqas Bifrost RAT, also known as Bifrose, was originally identified two decades ago in 2004. This is a post from HackRead.com Read the original post: New Bifrost RAT Variant Targets Linux Devices, Mimics VMware...
7.3AI Score
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42...
7.5AI Score