
13049 matches found

OpenVAS
added 2024/09/24 12:0 a.m. | 22 views

VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Windows

VMware Spring Boot is prone to a signature forgery vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

6.3 CVSS | 9 AI score | 0.00123 EPSS
Exploits 0 | References 2

OpenVAS
added 2024/09/24 12:0 a.m. | 30 views

VMware Spring Framework < 5.3.40, 6.0.x < 6.0.24, 6.1.x < 6.1.13 Path Traversal Vulnerability - Linux

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS | 7.5 AI score | 0.14718 EPSS
Exploits 1 | References 3

OpenVAS
added 2024/09/24 12:0 a.m. | 14 views

VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Linux

VMware Spring Boot is prone to a signature forgery vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

6.3 CVSS | 9 AI score | 0.00123 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/09/23 12:0 a.m. | 86 views

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7029-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7029-1 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

9.8 CVSS | 7.8 AI score | 0.02701 EPSS
Exploits 3 | References 226

Tenable Nessus
added 2024/09/23 12:0 a.m. | 76 views

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-2)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6999-2 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

9.8 CVSS | 7.9 AI score | 0.02701 EPSS
Exploits 3 | References 219

Tenable Nessus
added 2024/09/23 12:0 a.m. | 77 views

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7007-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-2 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

9.8 CVSS | 7.8 AI score | 0.02701 EPSS
Exploits 4 | References 218

Tenable Nessus
added 2024/09/23 12:0 a.m. | 234 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7007-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-3 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

9.8 CVSS | 7.8 AI score | 0.02701 EPSS
Exploits 4 | References 218

Rapid7 Blog
added 2024/09/19 8:45 p.m. | 26 views

High-Risk Vulnerabilities in Common Enterprise Technologies

Rapid7 is warning customers about several high-risk vulnerabilities in common enterprise technologies that are attractive potential attack targets for both state-sponsored and financially motivated adversaries. We are advising customers to prioritize remediation for these issues on an expedited...

9.8 CVSS | 10 AI score | 0.54143 EPSS
Exploits 2

CISA
added 2024/09/19 12:0 p.m. | 3 views

VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server

VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMware...

7.6 AI score
Exploits 0 | References 1

Tenable Nessus
added 2024/09/19 12:0 a.m. | 317 views

VMware vCenter Server 7.x < 7.0 U3t / 8.x < 8.0.3 U3d Multiple Vulnerabilities (VMSA-2024-0019)

The version of VMware vCenter Server installed on the remote host is 7.x prior to 7.0 U3t or 8.x prior to 8.0 U3d. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2024-0019 advisory: - The vCenter Server contains a heap-overflow vulnerability in the implementation...

9.8 CVSS | 9.2 AI score | 0.54143 EPSS
Exploits 0 | References 3

VulnCheck KEV
added 2024/09/19 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2024-38812

VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet...

9.8 CVSS | 7.8 AI score | 0.54143 EPSS
Exploits 0 | References 1

OSV
added 2024/09/18 10:0 a.m. | 10 views

USN-7019-1 linux-xilinx-zynqmp vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

9.8 CVSS | 7.1 AI score | 0.02701 EPSS
Exploits 7 | References 430

The Hacker News
added 2024/09/18 5:8 a.m. | 46 views

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A...

9.8 CVSS | 8 AI score | 0.54143 EPSS
Exploits 0

BDU FSTEC
added 2024/09/18 12:0 a.m. | 6 views

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows an attacker to execute arbitrary code.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted...

10 CVSS | 8.7 AI score | 0.54143 EPSS
Exploits 0 | References 4

VMware
added 2024/09/17 12:0 a.m. | 25 views

VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)

Advisory ID: | VMSA-2024-0019.3
---|---
Severity: | Critical
CVSSv3 Range: | 7.5-9.8
Synopsis: | VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities CVE-2024-38812, CVE-2024-38813
Issue date: | 2024-09-17
Updated on: | 2024-10-21
CVEs | CVE-2024-38812,...

9.8 CVSS | 8.2 AI score | 0.54143 EPSS
Exploits 0 | References 20 | Affected Software 2

CNNVD
added 2024/09/17 12:0 a.m. | 3 views

VMware vCenter Server Security Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

9.8 CVSS | 9.2 AI score | 0.16676 EPSS
Exploits 0 | References 2

Positive Technologies
added 2024/09/17 12:0 a.m. | 2 views

PT-2024-6262

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions 7.0 through 8.0; VMware Cloud Foundation versions 7.0 through 8.0. Description: VMware vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with netwo...

9.8 CVSS | 7.8 AI score | 0.54143 EPSS
Exploits 0 | References 253

CNNVD
added 2024/09/17 12:0 a.m. | 7 views

VMware vCenter Server Security Vulnerability

VMware vCenter Server is a virtualization management platform provided by VMware to centrally manage and monitor VMware vSphere virtualized environments. A heap overflow vulnerability exists in VMware vCenter Server due to a heap overflow vulnerability in VMware vCenter Server's implementation of...

9.8 CVSS | 8 AI score | 0.54143 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/09/17 12:0 a.m. | 33 views

Photon OS 3.0: Linux PHSA-2024-3.0-0795

An update of the linux package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0795. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

7.8 CVSS | 7.6 AI score | 0.00293 EPSS
Exploits 0 | References 6

OpenVAS
added 2024/09/16 12:0 a.m. | 31 views

Ubuntu: Security Advisory (USN-7003-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.2 AI score | 0.00322 EPSS
Exploits 1 | References 2