13049 matches found
Vagrant VMWare Utility Security Vulnerability
HashiCorp Vagrant VMware Utility is a utility service from HashiCorp USA. A security vulnerability exists in Vagrant VMWare Utility version 1.0.22 and earlier, which originates from the Windows installer using an unprotected path against a custom location, which could be modified by an unauthoriz...
The vulnerability of the listExtensions method implementation in the VMware Hybrid Cloud Extension (HCX) migration software allows an attacker to execute arbitrary code.
The vulnerability of the listExtensions method implementation in the VMware Hybrid Cloud Extension HCX migration software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created SQ...
PT-2024-16127 · Vagrant · Vagrant Vmware Utility
Name of the Vulnerable Software and Affected Versions: Vagrant VMWare Utility version 1.0.23 and earlier Description: The Vagrant VMWare Utility Windows installer has a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes...
Security Bulletin: Vulnerabilities in Broadcom VMware ESXi affect IBM Cloud Pak System.
Summary Vulnerabilities in Broadcom VMware ESXi affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22254 DESCRIPTION: VMware ESXi could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the VMX sandbox process. An...
Security Bulletin: Multiple Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-22274, CVE-2024-22275, CVE-2024-37087]
Summary Vulnerabilities in Broadcom VMware vCenter affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22274 DESCRIPTION: Broadcom VMware vCenter Server and Cloud Foundation could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...
Photon OS 5.0: Unbound PHSA-2024-5.0-0389
An update of the unbound package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0389. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
SUSE CVE-2022-45157
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...
The vulnerability of VMware NSX network virtualization platform, related to the lack of security measures for website structures, allows attackers to gain unauthorized access to protected information.
The vulnerability of VMware NSX network virtualization platform is related to the lack of security measures for the website structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by replacing the URL address...
Photon OS 3.0: Linux PHSA-2024-3.0-0800
An update of the linux package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0800. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again
On Monday, October 21, updates for the critical Remote Code Execution - VMware vCenter (CVE-2024-38812) vulnerability were released again. Wait, haven't fixes for this vulnerability been available since September 17th? They were, but it was not enough. "VMware by Broadcom has determined that the...
VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the listExtensions method. The issue results from the lack of proper...
VMware vCenter Server Heap Overflow Vulnerability
VMware vCenter Server is a virtualization management platform provided by VMware to centrally manage and monitor VMware vSphere virtualized environments. A heap overflow vulnerability exists in VMware vCenter Server's implementation of...
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC...
VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Windows
The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Linux
The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-49886
In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds". kasan report: 19.411889 ==================================================================...
CVE-2024-49886 platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds". kasan report: 19.411889 ==================================================================...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, highly sensitive information exposure,...
VMware Spring Framework Security Vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from case-sensitive matching exceptions that could cause fields to...