CVE-2024-38818

CVE-2024-38818 affects VMware NSX (local privilege escalation). An authenticated attacker can elevate privileges to access a higher group role. Root cause is a local privilege escalation in NSX components. Impact is moderate (CVSS v3.1 base score up to 6.7) with high confidentiality and integrity...

CVE-2024-38817

VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root...

CVE-2024-38817

CVE-2024-38817 – VMware NSX command injection : A vulnerability in VMware NSX allows a malicious actor with access to the NSX Edge CLI to craft payloads that execute arbitrary commands as root on the OS. The issue affects NSX products (NSX, NSX-T, Cloud Foundation variants) and is rated Moderate ...

VMware NSX 安全漏洞

VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. VMware NSX provides a virtualized network for virtual machines, isolates virtual machines from the physical network, and makes network services independent of specific physical network devices, allowing users...

VMware NSX 安全漏洞

VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. VMware NSX provides a virtualized network for virtual machines, isolates virtual machines from the physical network, and makes network services independent of specific physical network devices, allowing users...

VMware NSX 安全漏洞

VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. It provides virtual machines with a virtualized network, isolates virtual machines from the physical network, and makes...

FydeOS多款产品 安全漏洞

FydeOS is an operating system from Flintstone Innovations FydeOS. A security vulnerability exists in various FydeOS products, which stems from setting the root password to a wildcard, allowing an attacker to gain root access without a password. The affected products and versions are as follows:...

VMSA-2024-0020:VMware NSX updates address multiple vulnerabilities (CVE-2024-38818, CVE-2024-38817, CVE-2024-38815)

Advisory ID: | VMSA-2024-0020 ---|--- Advisory Severity: | Moderate CVSSv3 Range: | 4.3-6.7 Synopsis: | VMware NSX updates address multiple vulnerabilities CVE-2024-38818, CVE-2024-38817, CVE-2024-38815 Issue date: | 2024-10-09 Updated on: | 2024-10-09 Initial Advisory CVEs | CVE-2024-38818,...

Security Bulletin: IBM Operational Decision Manager for Sep 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-38808...

The vulnerability of VMware Fusion’s hypervisor, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of VMware Fusion relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the Fusion application...

Ubuntu: Security Advisory (USN-7003-5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

How to convert MCS provisioned VM’s identity disks to streaming optimized disks.

Description: Support for VMware vSAN8 was incorporated into all current releases of Citrix Virtual Apps and Desktops as detailed in thisblog. With this support, Machine Creation Services MCS creates VMDK files with a stream-optimized format for all VMs. As the blog mentioned, there might be...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-7003-5)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7003-5 advisory. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could us...

The vulnerability of VMware vCenter Server’s software management system, related to deficiencies in access control, allows attackers to increase their privileges.

The vulnerability of VMware vCenter Server’s software management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges by sending specially crafted malware packages remotely...

Photon OS 5.0: Linux PHSA-2024-5.0-0378

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0378. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu: Security Advisory (USN-7003-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 3.0: Imagemagick PHSA-2024-3.0-0797

An update of the ImageMagick package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0797. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7009-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

VMware Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from vulnerability to denial-of-service attacks when parsing ETags...

VMware Spring Framework < 5.3.40, 6.0.x < 6.0.24, 6.1.x < 6.1.13 Path Traversal Vulnerability - Windows

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...