VMware Workstation, VMware Fusion Security Vulnerabilities

Security Bulletin: IBM Controller has addressed multiple vulnerabilities

Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilites. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details ** CVEID: CVE-2023-40695 DESCRIPTION: **IBM Cognos...

CVE-2023-52648

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

CVE-2023-52648

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

CVE-2023-52648

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

CVE-2023-52648 drm/vmwgfx: Unmap the surface before resetting it on a plane state

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

Exploit for Code Injection in Vmware Spring Framework

SpringFramework_CVE-2022-22965_RCE SpringFramework...

CVE-2023-52648

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

Mageia: Security Advisory (MGASA-2024-0158)

The remote host is missing an update for...

Moderate Photon OS Security Update - PHSA-2024-3.0-0755

Updates of ['gnutls'] packages of Photon OS have been...

(RHSA-2024:2132) Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

Important Photon OS Security Update - PHSA-2024-3.0-0754

Updates of ['ruby', 'python3-pycryptodomex'] packages of Photon OS have been...

RHEL 7 : rhc-worker-script (RHSA-2024:2625)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts...

Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

RHEL 9 : fence-agents (RHSA-2024:2132)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2132 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

RHEL 7 : tigervnc (RHSA-2024:2080)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2080 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

Important Photon OS Security Update - PHSA-2024-5.0-0259

Updates of ['ruby'] packages of Photon OS have been...

RHEL 7 : xorg-x11-server (RHSA-2024:0320)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0320 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical...

RHEL 8 : Satellite 6.14 (RHSA-2023:6818)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

VMware RabbitMQ Installed (Windows)

VMware RabbitMQ is installed on the remote Windows...

Important Photon OS Security Update - PHSA-2024-4.0-0600

Updates of ['ruby'] packages of Photon OS have been...

Important Photon OS Security Update - PHSA-2024-3.0-0753

Updates of ['linux-aws', 'linux-rt', 'linux-secure', 'linux-esx', 'sssd', 'linux'] packages of Photon OS have been...

RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2024:2101)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2101 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

RHEL 7 / 8 : Red Hat OpenStack Platform (python-werkzeug) (RHSA-2023:1281)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1281 advisory. Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility...

RHEL 7 / 8 : Synopsis: Red Hat OpenStack Platform (openstack-glance) (RHSA-2023:1280)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1280 advisory. OpenStack Image Service (code-named Glance) provides discovery, registration, and delivery services for virtual disk images. The Image...

RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:2743)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2743 advisory. jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) Note that Nessus has not tested for this issue but...

RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2023:5982)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5982 advisory. Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) ...

RHEL 7 : openstack-ironic-inspector (RHSA-2019:1734)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1734 advisory. ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware...

RHEL 6 / 7 : python27-python (RHSA-2019:3948)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3948 advisory. python: Cookie domain check returns incorrect results (CVE-2018-20852) python: email.utils.parseaddr wrongly parses email addresses...

RHEL 7 : rh-redis5-redis (RHSA-2019:1819)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1819 advisory. redis: Heap buffer overflow in HyperLogLog triggered by malicious client (CVE-2019-10192) redis: Stack buffer overflow in HyperLogLog...

RHEL 7 : qemu-kvm-rhev (RHSA-2019:1743)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1743 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

RHEL 7 : rh-maven35-apache-commons-beanutils (RHSA-2019:4317)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4317 advisory. apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086) Note that Nessus has not...

RHEL 7 : openstack-octavia (RHSA-2019:3743)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3743 advisory. The OpenStack Load Balancing service (openstack-octavia) provides a Load Balancing-as-a-Service (LBaaS) version 2 implementation for Red Hat...

RHEL 6 / 7 : rh-python36-python (RHSA-2019:3725)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3725 advisory. python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) python: DOS via regular...

RHEL 7 : qpid-proton (RHSA-2019:1399)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1399 advisory. qpid-proton: TLS Man in the Middle Vulnerability (CVE-2019-0223) Note that Nessus has not tested for this issue but has instead relied only on the...

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2019:1151)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1151 advisory. rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324) Note that Nessus has not tested for this issue but has...

RHEL 7 : redis (RHSA-2019:2630)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2630 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2019:1150)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1150 advisory. rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320) rubygems: Escape sequence injection vulnerability in...

RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:2955)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2955 advisory. HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) HTTP/2: flood using PING frames results in unbounded...

RHEL 6 / 7 : rh-mariadb102-mariadb and rh-mariadb102-galera (RHSA-2019:1258)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1258 advisory. mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) mysql: Server: Optimizer unspecified...

RHEL 6 / 7 : python27-python and python27-python-jinja2 (RHSA-2019:1260)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1260 advisory. python-jinja2: Sandbox escape due to information disclosure via str.format (CVE-2016-10745) python: DOS via regular expression...

RHEL 6 / 7 : rh-python36-python (RHSA-2019:0765)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0765 advisory. python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) Note that Nessus has not tested for this issue but...

RHEL 7 : rh-nginx112-nginx (RHSA-2019:2746)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2746 advisory. HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) HTTP/2: flood using PRIORITY frames results in excessive...

RHEL 7 / 8 : Synopsis: Red Hat OpenStack Platform (openstack-cinder) (RHSA-2023:1279)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1279 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. Security Fix(es): * Arbitrary file access through...

RHEL 7 : xorg-x11-server (RHSA-2024:0009)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0009 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical...

RHEL 8 : Satellite 6.13.3 Async Security Update (Important) (RHSA-2023:4466)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4466 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:0782)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0782 advisory. jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307) ...

RHEL 8 : Red Hat Satellite 6 (RHSA-2024:1061)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1061 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 7 : openstack-tripleo-common (RHSA-2019:1683)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1683 advisory. openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo). ...

RHEL 6 / 7 : rh-python35-python (RHSA-2019:0902)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0902 advisory. python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) Note that Nessus has not tested for this issue but...