13053 matches found

CNNVD
added 2025/05/12 12:0 a.m. · 3 views

VMware Tools Security Vulnerability

VMware Tools is an enhancement tool that comes with VMware virtual machines from VMware, Inc. It is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with the host computer. A security...

CVSS 6.1 · AI score 6.2 · EPSS 0.00249
Exploits 0 · References 2

Positive Technologies
added 2025/05/12 12:0 a.m. · 7 views

PT-2025-20732 · Vmware · Vmware Aria Automation

Name of the Vulnerable Software and Affected Versions: VMware Aria automation (affected versions not specified). Description: The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this to steal the access token of a logged-in user by tricking them into clicki...

CVSS 8.5 · AI score 8.3 · EPSS 0.00317
Exploits 0 · References 11

VMware
added 2025/05/12 12:0 a.m. · 81 views

VMSA-2025-0007: VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247)

Advisory ID: VMSA-2025-0007; Advisory Severity: Moderate; CVSSv3 Range: 6.1; Synopsis: VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247); Issue date: 2025-05-12; Updated on: 2025-05-12 (Initial Advisory); CVEs: CVE-2025-22247. 1. Impacted Products...

CVSS 6.1 · AI score 6.7 · EPSS 0.00249
Exploits 0 · References 3 · Affected Software 1

VMware
added 2025/05/12 12:0 a.m. · 46 views

VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)

Advisory ID: VMSA-2025-0008; Advisory Severity: Important; CVSSv3 Range: 8.2; Synopsis: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249); Issue date: 2025-05-12; Updated on: 2025-05-12; CVEs: CVE-2025-22249. 1. Impacted Products...

CVSS 8.2 · AI score 6.1 · EPSS 0.00317
Exploits 0 · References 3

OSV
added 2025/05/12 12:0 a.m. · 4 views

UBUNTU-CVE-2025-22247

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM...

CVSS 6.1 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 6

IBM Security Bulletins
added 2025/05/08 2:39 p.m. · 14 views

Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data

Summary VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system and this could affect watsonx.data...

CVSS 5.3 · AI score 6.6 · EPSS 0.00631
Exploits 1 · Affected Software 1

Tenable Nessus
added 2025/05/06 12:0 a.m. · 5 views

Photon OS 4.0: Gnuplot PHSA-2025-4.0-0791

An update of the gnuplot package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0791. The text itself is copyright (C) VMware, Inc...

CVSS 6.2 · AI score 6.5 · EPSS 0.00184
Exploits 0 · References 6

Tenable Nessus
added 2025/05/06 12:0 a.m. · 5 views

Photon OS 5.0: Gnuplot PHSA-2025-5.0-0516

An update of the gnuplot package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0516. The text itself is copyright (C) VMware, Inc...

CVSS 6.2 · AI score 6.5 · EPSS 0.00184
Exploits 0 · References 6

Tenable Nessus
added 2025/05/06 12:0 a.m. · 3 views

Photon OS 4.0: Linux PHSA-2025-4.0-0792

An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0792. The text itself is copyright (C) VMware, Inc...

CVSS 7.8 · AI score 7.8 · EPSS 0.00276
Exploits 0 · References 2

Tenable Nessus
added 2025/05/06 12:0 a.m. · 3 views

Photon OS 5.0: Tpm2 PHSA-2025-5.0-0516

An update of the tpm2 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0516. The text itself is copyright (C) VMware, Inc...

CVSS 6.4 · AI score 6.7 · EPSS 0.00519
Exploits 1 · References 3

Tenable Nessus
added 2025/05/05 12:0 a.m. · 6 views

Photon OS 5.0: Openssh PHSA-2025-5.0-0515

An update of the openssh package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0515. The text itself is copyright (C) VMware, Inc...

CVSS 4.3 · AI score 6.6 · EPSS 0.00149
Exploits 0 · References 2

Tenable Nessus
added 2025/05/05 12:0 a.m. · 5 views

Photon OS 4.0: Openssh PHSA-2025-4.0-0790

An update of the openssh package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0790. The text itself is copyright (C) VMware, Inc...

CVSS 4.3 · AI score 6.6 · EPSS 0.00149
Exploits 0 · References 2

IBM Security Bulletins
added 2025/05/03 11:46 p.m. · 26 views

Security Bulletin: Multiple Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-37079, CVE-2024-37080, CVE-2024-37081]

Summary Vulnerabilities in Broadcom VMware vCenter affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-37079 DESCRIPTION: vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may...

CVSS 9.8 · AI score 7.6 · EPSS 0.22377
Exploits 3 · Affected Software 1

Ubuntu
added 2025/05/02 10:27 a.m. · 26 views

USN-7475-1: Linux kernel (Xilinx ZynqMP) vulnerabilities

Jann Horn discovered that the watch_queue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. (CVE-2022-0995) Several security issues were discovered i...

CVSS 7.8 · AI score 7.3 · EPSS 0.06197
Exploits 13

IBM Security Bulletins
added 2025/05/01 7:54 p.m. · 12 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a denial of service in VMware Tanzu Spring [CVE-2024-38809]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in VMware Tanzu Spring, caused by improper input validation (CVE-2024-38809). VMware Tanzu Spring is used in our Speech microservices. This vulnerability has been addressed. Please read the details for remediation...

CVSS 5.3 · AI score 6.8 · EPSS 0.00858
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/05/01 7:52 p.m. · 20 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to weak security in VMware Tanzu Spring [CVE-2024-38820]

Summary IBM Watson Speech Services Cartridge is vulnerable to weak security in VMware Tanzu Spring, caused by a flaw related to disallowedFields patterns and case insensitivity in DataBinder (CVE-2024-38820). VMware Tanzu Spring is used in our Speech microservices. This vulnerability has been...

CVSS 5.3 · AI score 6.2 · EPSS 0.00631
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/05/01 7:50 p.m. · 8 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an authorization bypass in VMware Tanzu Spring [CVE-2024-38827]

Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in VMware Tanzu Spring, due to Locale dependent exceptions in the usage of String.toLowerCase and String.toUpperCase (CVE-2024-38827). VMware Tanzu Spring is used in our Speech microservices. This...

CVSS 4.8 · AI score 6.2 · EPSS 0.00385
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/05/01 7:49 p.m. · 13 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38819]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web framework: WebMvc.fn or WebFlux.fn (CVE-2024-38819). VMware Tanzu Spring is used in our Speech microservices. This...

CVSS 7.5 · AI score 6.3 · EPSS 0.54862
Exploits 6 · Affected Software 1

IBM Security Bulletins
added 2025/05/01 7:47 p.m. · 15 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38816]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web frameworks: WebMvc.fn or WebFlux.fn (CVE-2024-38816). VMware Tanzu Spring is used in our Speech microservices. This...

CVSS 7.5 · AI score 6.1 · EPSS 0.14718
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/05/01 1:59 p.m. · 20 views

Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data

Summary VMware Tanzu Spring Framework could provide weaker than expected security caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could...

CVSS 5.3 · AI score 7.5 · EPSS 0.05413
Exploits 2 · Affected Software 1