VMware Workstation Multiple Vulnerabilities (VMSA_2024_0010) - Windows
VMware Workstation is prone to multiple ...
9.3CVSS
7.3AI Score
0.001EPSS
RHEL 8 : krb5 (RHSA-2024:3268)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3268 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of...
6.8AI Score
0.0004EPSS
VMware Fusion Multiple Vulnerabilities (VMSA_2024_0010) - Mac OS X
VMware Fusion is prone to multiple ...
9.3CVSS
7.3AI Score
0.001EPSS
RHEL 7 : libreoffice (RHSA-2024:3304)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor,...
8.8CVSS
7.5AI Score
0.001EPSS
RHEL 8 : fence-agents (RHSA-2024:2968)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2968 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
6.1CVSS
6.6AI Score
0.001EPSS
(RHSA-2024:3268) Low: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
7.4AI Score
0.0004EPSS
(RHSA-2024:2968) Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
7.3AI Score
0.001EPSS
CentOS 8 : krb5 (CESA-2024:3268)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3268 advisory. Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. (CVE-2024-26458) Kerberos 5 (aka krb5) 1.21.2 contains a memory...
7.1AI Score
0.0004EPSS
VMware Workstation Out-of-bounds read/write Vulnerability (VMSA-2024-0011) - Linux
VMware Workstation is prone to an out of bounds read/write...
8.1CVSS
7.3AI Score
0.0004EPSS
VMware Workstation Out-of-bounds read/write Vulnerability (VMSA-2024-0011) - Windows
VMware Workstation is prone to an out of bounds read/write...
8.1CVSS
7.3AI Score
0.0004EPSS
CentOS 8 : fence-agents (CESA-2024:2968)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2968 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response...
6.1CVSS
6.6AI Score
0.001EPSS
VMware Workstation SVGA Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workstation. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file. The specific flaw exists...
7.1CVSS
6.9AI Score
0.001EPSS
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
6.9AI Score
0.001EPSS
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
7AI Score
0.0004EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0275
Updates of ['wireshark'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Moderate Photon OS Security Update - PHSA-2024-4.0-0614
Updates of ['wireshark'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating...
7.2CVSS
8AI Score
0.0004EPSS
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive...
4.9CVSS
6.6AI Score
0.0004EPSS
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a...
8.1CVSS
7.1AI Score
0.0004EPSS
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a...
8.1CVSS
8.2AI Score
0.0004EPSS
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive...
4.9CVSS
5AI Score
0.0004EPSS
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive...
4.9CVSS
6.7AI Score
0.0004EPSS
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating...
7.2CVSS
7.5AI Score
0.0004EPSS
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating...
7.2CVSS
8.1AI Score
0.0004EPSS
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a...
8.1CVSS
8.2AI Score
0.0004EPSS
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a...
8.1CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: IBM Storage Fusion is vulnerable to authorization bypass due to go-restful.
Summary emicklei/go-restful is used by IBM Storage Fusion's isf-prereq-operator to create pre-requisite resources and deploy dependent operators. CVE-2022-1996. Vulnerability Details ** CVEID: CVE-2022-1996 DESCRIPTION: **go-restful could allow a remote attacker to bypass security restrictions,...
9.1CVSS
6.8AI Score
0.002EPSS
Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code...
9.8CVSS
8AI Score
0.001EPSS
Summary IP from Node.js is used by IBM Storage Fusion as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code on...
9.8CVSS
8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...
6.7AI Score
0.0004EPSS
CVE-2023-52739 Fix page corruption caused by racy check in __free_pages
In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca...
6.8AI Score
0.0004EPSS
RHEL 7 : go-toolset-1.19-golang (RHSA-2024:2892)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2892 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: net/http,...
6.5AI Score
0.0004EPSS
RHEL 7 : thunderbird (RHSA-2024:2913)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2913 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): *...
8.9AI Score
0.0004EPSS
9.9CVSS
9.9AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0274
Updates of ['linux-secure', 'linux', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
9.9AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0613
Updates of ['unixODBC'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Exploit for Incorrect Authorization in Vmware Spring Security
CVE-2022-22978-demo: example code for the CVE-2022-22978 vulnerability. Exploitation conditions...
9.8CVSS
7AI Score
0.009EPSS
Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
9.8CVSS
9.5AI Score
0.973EPSS
EulerOS Virtualization 3.0.6.6 : krb5 (EulerOS-SA-2024-1654)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A...
6.5CVSS
7.2AI Score
0.003EPSS
7.5CVSS
7.8AI Score
0.001EPSS
How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment
Introduction In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency...
6.9AI Score
Talos releases new macOS open-source fuzzer
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. The fuzzer uses a snapshot-based fuzzing approach and is based on the WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMware...
6.6AI Score
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. "The impacts enabled by these flaws are...
9.8CVSS
9.4AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-1654)
The remote host is missing an update for the Huawei...
6.5CVSS
7.5AI Score
0.003EPSS
VMware Fusion 13.0.x < 13.5.2 Multiple Vulnerabilities (VMSA-2024-0010)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.0.x prior to 13.5.2. It is, therefore, affected by multiple vulnerabilities. VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. (CVE-2024-22267) VMware Workstation...
9.3CVSS
7.2AI Score
0.001EPSS
VMware Workstation 17.0.x < 17.5.2 Multiple Vulnerabilities (VMSA-2024-0010)
The version of VMware Workstation installed on the remote host is 17.0.x prior to 17.5.2. It is, therefore, affected by multiple vulnerabilities. VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. (CVE-2024-22267) VMware Workstation contains a heap...
9.3CVSS
7.2AI Score
0.001EPSS
RHEL 7 : firefox (RHSA-2024:2881)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2881 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8.9AI Score
0.0004EPSS