13049 matches found

OSV
added 2024/11/19 11:44 p.m., 15 views

USN-7121-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...

CVSS 8.4, AI score 6.7, EPSS 0.00333
Exploits 1, References 46

OSV
added 2024/11/19 10:47 p.m., 9 views

USN-7119-1 linux-iot vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36402) Several security issues were discovered in the Linux kernel. An attacker could...

CVSS 8.8, AI score 6.6, EPSS 0.00879
Exploits 6, References 176

GithubExploit
added 2024/11/19 9:36 p.m., 471 views

Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework

Spring CVE-2022-22970 Proof of Concept This repo contains...

CVSS 5.3, AI score 6.8, EPSS 0.01853
Exploits 1

The Hacker News
added 2024/11/19 9:40 a.m., 9 views

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The...

AI score 7.6
Exploits 0

The Hacker News
added 2024/11/19 6:31 a.m., 19 views

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security...

CVSS 10, AI score 9, EPSS 0.95388
Exploits 12

BDU FSTEC
added 2024/11/19 12:0 a.m., 5 views

The vulnerability of the mount.vmhgfs component in the VMware Open-vm-tools module set is related to incorrect definition of symbolic links before accessing the file. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the mount.vmhgfs component in the VMware Open-vm-tools module set is related to incorrect definition of symbolic references before accessing the file. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause...

CVSS 7, AI score 7, EPSS 0.00247
Exploits 0, References 8, Affected Software 4

BDU FSTEC
added 2024/11/19 12:0 a.m., 4 views

The vulnerability of DRM/VMWGFX components in Linux operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the DRM/VMWGFX components of the Linux operating system is related to a memory leak in the vmw_gmrid_man_get_node function. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.7, EPSS 0.00228
Exploits 0, References 39, Affected Software 7

CNNVD
added 2024/11/18 12:0 a.m., 3 views

VMware Spring Framework Security Vulnerability

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from the use of the @RequestBody byte[] method parameter in the...

CVSS 5.3, AI score 6.2, EPSS 0.00729
Exploits 0, References 5

OpenVAS
added 2024/11/18 12:0 a.m., 21 views

VMware Spring Framework < 5.3.42 DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3, AI score 6.4, EPSS 0.00729
Exploits 0, References 2

OpenVAS
added 2024/11/18 12:0 a.m., 18 views

VMware Spring Framework < 5.3.42 DoS Vulnerability - Linux

The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3, AI score 6.4, EPSS 0.00729
Exploits 0, References 2

Tenable Nessus
added 2024/11/15 12:0 a.m., 12 views

Photon OS 5.0: Apache PHSA-2024-5.0-0402

An update of the apache package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0402. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...

CVSS 7.5, AI score 7.9, EPSS 0.04602
Exploits 0, References 2

Tenable Nessus
added 2024/11/15 12:0 a.m., 16 views

Photon OS 4.0: Linux PHSA-2024-4.0-0711

An update of the linux package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0711. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...

CVSS 9.1, AI score 6.8, EPSS 0.01367
Exploits 2, References 163

Tenable Nessus
added 2024/11/15 12:0 a.m., 13 views

Photon OS 4.0: Apr PHSA-2024-4.0-0711

An update of the apr package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0711. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(21139...

CVSS 5.5, AI score 6.6, EPSS 0.00332
Exploits 0, References 2

OSV
added 2024/11/14 5:24 p.m., 5 views

USN-7088-5 linux-raspi, linux-raspi-5.4 vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36402) Several security issues were discovered in the Linux kernel. An attacker could...

CVSS 8.8, AI score 6.5, EPSS 0.00879
Exploits 6, References 163

Tenable Nessus
added 2024/11/14 12:0 a.m., 12 views

Photon OS 5.0: Libarchive PHSA-2024-5.0-0400

An update of the libarchive package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0400. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...

CVSS 7.8, AI score 6.6, EPSS 0.00551
Exploits 2, References 3

BDU FSTEC
added 2024/11/13 12:0 a.m., 5 views

The vulnerability of DRM/VMWGFX components in Linux operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the DRM/VMWGFX components of the Linux operating system is related to errors in resource management in the vmw_debugfs_resource_managers_init function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.7, EPSS 0.00227
Exploits 0, References 25, Affected Software 6

Tenable Nessus
added 2024/11/13 12:0 a.m., 8 views

Photon OS 3.0: Curl PHSA-2024-3.0-0802

An update of the curl package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0802. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...

CVSS 6.5, AI score 7.1, EPSS 0.0197
Exploits 1, References 2

RedHat Linux
added 2024/11/12 9:11 a.m., 2 views

kernel: drm/vmwgfx: Fix the lifetime of the bo cursor memory

A vulnerability was found in the drm/vmwgfx driver in the Linux kernel, concerning the lifetime management of the buffer object (BO) cursor memory. This issue occurs due to improper handling of the cursor memory's lifecycle, which could lead to use-after-free errors or crashes...

CVSS 5.5, AI score 7.3, EPSS 0.00225
Exploits 0, References 5

RedHat Linux
added 2024/11/12 9:11 a.m., 2 views

kernel: drm/vmwgfx: Fix invalid reads in fence signaled events

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events. Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the...

CVSS 7.1, AI score 6.7, EPSS 0.00288
Exploits 0, References 5

IBM Security Bulletins
added 2024/11/12 5:46 a.m., 23 views

Security Bulletin: IBM Sterling Connect:Direct Web Services uses spring-web-6.0.21.jar which is vulnerable to denial of service

Summary: IBM Sterling Connect:Direct Web Services uses VMware Tanzu Spring Framework, which is vulnerable to a denial of service, caused by improper input validation. Vulnerability Details: CVEID: CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by...

CVSS 5.3, AI score 6.8, EPSS 0.00858
Exploits 0, Affected Software 1