Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.1CVSS
6.9AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0300
Updates of ['libndp'] packages of Photon OS have been...
9.8CVSS
7.5AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0301
Updates of ['libarchive', 'openssl'] packages of Photon OS have been...
9.8CVSS
10AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0636
Updates of ['nodejs', 'libndp'] packages of Photon OS have been...
9.8CVSS
9.6AI Score
0.001EPSS
7.3AI Score
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...
7.5CVSS
7.8AI Score
0.0005EPSS
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...
7.5CVSS
7.8AI Score
0.0005EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder [CVE-2024-22259]. VMware Tanzu Spring Framework is used in our Speech Microservices. This...
8.1CVSS
6.3AI Score
0.0004EPSS
RHEL 7 : thunderbird (RHSA-2024:4016)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947 A code injection attack on spring cloud...
10CVSS
7.4AI Score
0.975EPSS
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
8.8CVSS
8.7AI Score
0.0004EPSS
UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...
9.8CVSS
8AI Score
0.321EPSS
CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
8.8CVSS
0.0004EPSS
CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
8.8CVSS
7AI Score
0.0004EPSS
Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities
Critical security vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) found in VMware vCenter Server! Patch immediately to safeguard virtual environments from remote code execution & privilege escalation...
9.8CVSS
8.3AI Score
0.0004EPSS
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
7.7CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
7.7CVSS
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
5.4CVSS
0.0004EPSS
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
7.7CVSS
7.2AI Score
0.0004EPSS
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
7.7CVSS
0.0004EPSS
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
5.4CVSS
0.0004EPSS
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
5.4CVSS
5.7AI Score
0.0004EPSS
CVE-2024-5649 Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
5.4CVSS
0.0004EPSS
VMware vCenter Server 7.0 < 7.0U3r / 8.0 < 8.0U2d Multiple Vulnerabilities (VMSA-2024-0012)
The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3r, or 8.0 prior to 8.0U2d. It is, therefore, affected by a partial information disclosure vulnerability as referenced in the VMSA-2024-0012 advisory: The vCenter Server contains multiple heap-overflow...
9.8CVSS
6.9AI Score
0.0004EPSS
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...
9.8CVSS
10AI Score
0.003EPSS
VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) -...
9.8CVSS
8.7AI Score
0.044EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...
9.8CVSS
7.7AI Score
0.0004EPSS
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server...
7.8CVSS
7.3AI Score
0.0004EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...
9.8CVSS
7.7AI Score
0.0004EPSS
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server...
7.8CVSS
7.4AI Score
0.0004EPSS
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server...
7.8CVSS
0.0004EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...
9.8CVSS
7.9AI Score
0.0004EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...
9.8CVSS
0.0004EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...
9.8CVSS
7.9AI Score
0.0004EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...
9.8CVSS
0.0004EPSS
RHEL 7 : flatpak (RHSA-2024:3980)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3980 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape...
8.4CVSS
8.6AI Score
0.0004EPSS
VMware Workstation Out-of-bounds read Vulnerability (VMSA-2024-0005) - Linux
VMware Workstation is prone to an out of bounds read...
5.9CVSS
5.7AI Score
0.0004EPSS
VMware Fusion Out-of-bounds read Vulnerability (VMSA-2024-0005) - Mac OS X
VMware Fusion is prone to an out of bounds read...
5.9CVSS
5.7AI Score
0.0004EPSS
VMware Workstation Out-of-bounds read Vulnerability (VMSA-2024-0005) - Windows
VMware Workstation is prone to an out of bounds read...
5.9CVSS
5.7AI Score
0.0004EPSS
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
8.2CVSS
9.7AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0633
Updates of ['glibc'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0293
Updates of ['glibc'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
RHEL 7 : linux-firmware (RHSA-2024:3939)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...
8.2CVSS
7.4AI Score
0.0005EPSS
RHEL 7 : firefox (RHSA-2024:3951)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.0005EPSS
linux-azure, linux-gke vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...
7.8CVSS
8.3AI Score
0.0005EPSS
An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....
5.4CVSS
7AI Score
0.0004EPSS