13053 matches found
VMware Tools 安全漏洞
VMware Tools is an enhancement tool that comes with VMWare virtual machines from VMware, Inc. It is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with the host computer. A security...
PT-2025-20732 · Vmware · Vmware Aria Automation
Name of the Vulnerable Software and Affected Versions: VMware Aria automation affected versions not specified Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this to steal the access token of a logged-in user by tricking them into clicki...
VMSA-2025-0007: VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247)
Advisory ID: | VMSA-2025-0007 ---|--- Advisory Severity: | Moderate CVSSv3 Range: | 6.1 Synopsis: | VMware Tools update addresses an insecure file handling vulnerability CVE-2025-22247 Issue date: | 2025-05-12 Updated on: | 2025-05-12 Initial Advisory CVEs | CVE-2025-22247 1. Impacted Products...
VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
Advisory ID: | VMSA-2025-0008 ---|--- Advisory Severity: | Important CVSSv3 Range: | 8.2 Synopsis: | VMware Aria automation updates address a DOM based Cross-site scripting vulnerability CVE-2025-22249 Issue date: | 2025-05-12 Updated on: | 2025-05-12 CVEs | CVE-2025-22249 1. Impacted Products...
UBUNTU-CVE-2025-22247
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM...
Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data
Summary VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system and this could affect watsonx.data...
Photon OS 4.0: Gnuplot PHSA-2025-4.0-0791
An update of the gnuplot package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0791. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Gnuplot PHSA-2025-5.0-0516
An update of the gnuplot package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0516. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Linux PHSA-2025-4.0-0792
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0792. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Tpm2 PHSA-2025-5.0-0516
An update of the tpm2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0516. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Openssh PHSA-2025-5.0-0515
An update of the openssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0515. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Openssh PHSA-2025-4.0-0790
An update of the openssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0790. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Security Bulletin: Multiple Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-37079, CVE-2024-37080, CVE-2024-37081]
Summary Vulnerabilities in Broadcom VMware vCenter affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-37079 DESCRIPTION: vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may...
USN-7475-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a denial of service in VMware Tanzu Spring [CVE-2024-38809]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in VMware Tanzu Spring, caused by improper input validation CVE-2024-38809. VMware Tanzu Spring is used in our Speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to weak security in VMware Tanzu Spring [CVE-2024-38820]
Summary IBM Watson Speech Services Cartridge is vulnerable to weak security in VMware Tanzu Spring, caused by a flaw related to disallowedFields patterns and case insensitivity in DataBinder CVE-2024-38820. VMware Tanzu Spring is used in our Speech microservices. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an authorization bypass in VMware Tanzu Spring [CVE-2024-38827]
Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in VMware Tanzu Spring, due to Locale dependent exceptions in the usage of usage of String.toLowerCase and String.toUpperCase CVE-2024-38827. VMware Tanzu Spring is used in our Speech microservices. This...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38819]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web framework: WebMvc.fn or WebFlux.fn CVE-2024-38819. VMware Tanzu Spring is used in our Speech microservices. This...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38816]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web frameworks: WebMvc.fn or WebFlux.fnCVE-2024-38816. VMware Tanzu Spring is used in our Speech microservices. This...
Security Bulletin:VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data
Summary VMware Tanzu Spring Framework could provide weaker than expected securitycaused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could...