VMware Aria Automation SSRF (VMSA-2025-0001)

The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0001 advisory. - VMware Aria Automation contains a server-side request forgery SSRF vulnerability. A malicious actor with 'Organization Member' access to Aria Automation...

USN-7173-3 linux-raspi-5.4 vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Several security issues were discover...

Ubuntu 18.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-7173-3)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7173-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereferenc...

USN-7195-2 linux-azure-5.4 vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Several security issues were discover...

Photon OS 5.0: Chromium PHSA-2025-5.0-0445

An update of the chromium package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0445. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ransomware on ESXi: The Mechanization of Virtualized Attacks

In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet according to Shodan, the operational and business impact of these attacks is profound...

PT-2025-1374 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2025-23128 - CVE-2022-47713: VMware VMware Workstation - Inadequate Bounds Checking", "Content": "CVE ID : CVE-2025-23128 Published : Jan. 11, 2025, 3:15 p.m. | 42 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE...

USN-7169-5: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network traffic control; - VMware vSockets driver; CVE-2024-49967, CVE-2024-53057, CVE-2024-502...

USN-7169-5 linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network traffic control; - VMware vSockets driver; CVE-2024-49967, CVE-2024-53057, CVE-2024-502...

Exploit for Out-of-bounds Write in Vmware Cloud_Foundation

CVE-2021-21974 PoC - VMware ESXi RCE Exploit Descrição Est...

Photon OS 5.0: Gtk3 PHSA-2025-5.0-0442

An update of the gtk3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0442. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 24.10 : Linux kernel (Real-time) vulnerabilities (USN-7169-5)

The remote Ubuntu 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7169-5 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...

Photon OS 5.0: Libsoup PHSA-2025-5.0-0439

An update of the libsoup package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0439. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

USN-7169-4: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network traffic control; - VMware vSockets driver; CVE-2024-49967, CVE-2024-53057, CVE-2024-502...

USN-7169-4 linux-azure vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network traffic control; - VMware vSockets driver; CVE-2024-49967, CVE-2024-53057, CVE-2024-502...

USN-7195-1 linux-azure vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Several security issues were discover...

Ubuntu 24.10 : Linux kernel (Azure) vulnerabilities (USN-7169-4)

The remote Ubuntu 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7169-4 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...

Photon OS 4.0: Linux PHSA-2025-4.0-0732

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0732. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: Squid PHSA-2024-3.0-0809

An update of the squid package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0809. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-22215

The CVE-2025-22215 SSRF vulnerability affects VMware Aria Automation. A malicious actor with "Organization Member" access can abuse server-side requests to enumerate internal services on the host/network. The advisory (VMSA-2025-0001) notes a CVSSv3 base score of 4.3 (Moderate) and lists fixed ve...