VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the...
7.4CVSS
7.8AI Score
0.0004EPSS
VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information...
7.1CVSS
7AI Score
0.0004EPSS
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...
4.8CVSS
5.3AI Score
0.0004EPSS
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the...
7.4CVSS
8AI Score
0.0004EPSS
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them
Remote system management/desktop access tools such as AnyDesk and TeamViewer have grown in popularity since 2020. While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. There is no easy way to effectively...
7.3AI Score
Security Bulletin: Netcool Operations Insights 1.6.12 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.12 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-25883 DESCRIPTION: **Node.js semver package is vulnerable to a...
10CVSS
10AI Score
0.732EPSS
China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations
A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security...
7.8AI Score
According to its version, VMware Fusion is 7.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
According to its version, VMware Fusion is 2.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
According to its version, VMware Fusion is 4.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
According to its version, VMware Fusion is 10.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Moderate Photon OS Security Update - PHSA-2024-3.0-0745
Updates of ['linux-esx', 'linux', 'linux-aws', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
According to its version, VMware Fusion is 8.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities.
3a. Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246) VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range...
7.4CVSS
9.1AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0237
Updates of ['tcpdump', 'linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
According to its version, VMware Fusion is 3.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Important Photon OS Security Update - PHSA-2024-4.0-0588
Updates of ['linux-secure', 'linux-rt', 'linux', 'linux-aws'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
According to its version, VMware Fusion is 1.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
According to its version, VMware Fusion is 5.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
According to its version, VMware Fusion is 12.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
According to its version, VMware Fusion is 6.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
According to its version, VMware Fusion is 11.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Summary Vulnerability with OpenJDK- [CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20945, CVE-2024-20932, CVE-2024-20919, CVE-2024-20926], commons-compress[ CVE-2024-25710, CVE-2024-26308] , spring-web-5.3.27 [CVE-2024-22243], spring-web-5.3.32[CVE-2024-22259]. This vulnerability has...
8.1CVSS
7.3AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0236
Updates of ['ruby'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0744
Updates of ['linux-esx', 'linux', 'linux-aws', 'linux-secure', 'tcpdump', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Moderate Photon OS Security Update - PHSA-2024-4.0-0587
Updates of ['tcpdump'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details **...
7.5CVSS
7.2AI Score
0.0005EPSS
Agenda Ransomware Targets VMWare vCenter & ESXi Servers Globally
Summary: Agenda ransomware, also known as Qilin, active since 2022, targets global victims across industries. Their latest tactic leverages a custom script to infect VMWare environments, potentially crippling virtual machines and causing data loss. Organizations should be aware of this threat and.....
7.1AI Score
Important Photon OS Security Update - PHSA-2024-4.0-0586
Updates of ['python3-cryptography', 'nodejs', 'linux', 'linux-aws', 'linux-secure', 'linux-rt', 'bluez'] packages of Photon OS have been...
9.8CVSS
9.9AI Score
EPSS
Stories from the SOC Part 1: IDAT Loader to BruteRatel
Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed.....
8.1AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
8.5CVSS
7.6AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
8.5CVSS
8.9AI Score
0.0004EPSS
CVE-2023-39309 WordPress Avada Builder plugin <= 3.11.1 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
8.5CVSS
9AI Score
0.0004EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0234
Updates of ['nss'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details ** CVEID: CVE-2023-5764 DESCRIPTION: **Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a...
8.1CVSS
9.3AI Score
0.024EPSS
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through...
7.1CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through...
7.1CVSS
7.2AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0743
Updates of ['curl'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0584
Updates of ['linux', 'linux-aws', 'nss', 'linux-secure', 'linux-rt', 'file'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0585
Updates of ['curl'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0233
Updates of ['curl'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi...
7.3AI Score
VMware ESXi 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0016)
The version of VMware ESXi installed on the remote host is prior to 6.7 P07, or 7.x prior to 7.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2022-0016 advisory: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow...
5.5CVSS
6.5AI Score
0.001EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0232
Updates of ['linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...
9.8CVSS
9.9AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0742
Updates of ['linux-esx', 'linux', 'linux-aws', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Metasploit Framework 6.4 Released
Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 and the team has added many new features and improvements since then. For news reporters, please reach out to [email protected]. Kerberos Improvements...
10CVSS
8.4AI Score
0.976EPSS