
13049 matches found

IBM Security Bulletins
added 2024/08/14 3:41 p.m., 28 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-22262. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct...

CVSS 8.1 | AI score 7.7 | EPSS 0.01191
Exploits 2 | Affected Software 1
Tenable Nessus
added 2024/08/14 12:00 a.m., 36 views

RHEL 7 : open-vm-tools (RHSA-2024:5315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5315 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization...

CVSS 7.5 | AI score 7.2 | EPSS 0.01193
Exploits 0 | References 4
Tenable Nessus
added 2024/08/14 12:00 a.m., 18 views

Photon OS 3.0: Linux PHSA-2024-3.0-0780

An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0780. The text itself is copyright (C) VMware, Inc. ...

CVSS 6.1 | AI score 7.6 | EPSS 0.00258
Exploits 0 | References 3
Tenable Nessus
added 2024/08/13 12:00 a.m., 19 views

Photon OS 3.0: Wget PHSA-2024-3.0-0779

An update of the wget package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0779. The text itself is copyright (C) VMware, Inc. ...

CVSS 9.1 | AI score 7.5 | EPSS 0.00672
Exploits 0 | References 2
Tenable Nessus
added 2024/08/13 12:00 a.m., 23 views

Photon OS 3.0: Go PHSA-2024-3.0-0779

An update of the go package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0779. The text itself is copyright (C) VMware, Inc. ...

CVSS 9.8 | AI score 8.3 | EPSS 0.01952
Exploits 0 | References 3
Tenable Nessus
added 2024/08/09 12:00 a.m., 19 views

Photon OS 3.0: Nss PHSA-2024-3.0-0778

An update of the nss package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0778. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.5 | AI score 9.1 | EPSS 0.01285
Exploits 0 | References 2
RedHat Linux
added 2024/08/08 4:53 a.m., 6 views

kernel: drm/vmwgfx: Fix invalid reads in fence signaled events

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events. Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00288
Exploits 0 | References 5
RedHat Linux
added 2024/08/08 4:44 a.m., 2 views

kernel: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node. The Linux kernel CVE team has assigned CVE-2023-52662 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051740-CVE-2023-52662-1536@gregkh/T...

CVSS 5.5 | AI score 6.8 | EPSS 0.00228
Exploits 0 | References 5
Tenable Nessus
added 2024/08/08 12:00 a.m., 19 views

Photon OS 5.0: Linux PHSA-2024-5.0-0248

An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0248. The text itself is copyright (C) VMware, Inc. ...

CVSS 5.5 | AI score 7.8 | EPSS 0.00195
Exploits 0 | References 2
RedHat Linux
added 2024/08/07 9:43 a.m., 1 view

kernel: drm/vmwgfx: Fix invalid reads in fence signaled events

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events. Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00288
Exploits 0 | References 5
Tenable Nessus
added 2024/08/03 12:00 a.m., 21 views

Photon OS 3.0: Linux PHSA-2024-3.0-0765

An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0765. The text itself is copyright (C) VMware, Inc. ...

CVSS 6.8 | AI score 7.4 | EPSS 0.00323
Exploits 0 | References 3
IBM Security Bulletins
added 2024/08/02 10:10 p.m., 37 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22262]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder [CVE-2024-22262]. VMware Tanzu Spring Framework is used in our Speech Microservices. This...

CVSS 8.1 | AI score 7.6 | EPSS 0.01191
Exploits 2 | Affected Software 1
Tenable Nessus
added 2024/08/01 12:00 a.m., 19 views

Photon OS 4.0: Mysql PHSA-2024-4.0-0661

An update of the mysql package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0661. The text itself is copyright (C) VMware, Inc. ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00904
Exploits 0 | References 16
CISA
added 2024/07/30 12:00 p.m., 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-37085 VMware ESXi Authentication Bypass Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...

CVSS 7.2 | AI score 7.3 | EPSS 0.2677
In wild | Exploits 0 | References 6
Ubuntu
added 2024/07/30 11:26 a.m., 103 views

USN-6927-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the...

CVSS 9.1 | AI score 7.8 | EPSS 0.01401
Exploits 1
OSV
added 2024/07/30 11:26 a.m., 13 views

USN-6927-1 linux-gcp-5.15 vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the...

CVSS 9.1 | AI score 7 | EPSS 0.01401
Exploits 1 | References 162
NCSC
added 2024/07/30 9:32 a.m., 17 views

Vulnerabilities fixed in VMware ESXi and vCenter Server

VMware has fixed vulnerabilities in ESXi and vCenter Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service on the host, or to grant itself elevated privileges to perform actions that the malicious party is not initially authorized to perform. This does require the...

CVSS 7.2 | AI score 7.1 | EPSS 0.2677
Exploits 0 | References 2
Circl
added 2024/07/30 8:10 a.m., 4 views

CVE-2024-37087

creationtimestamp | type | source
---|---|---
2024-07-30 08:10:29+00:00 | seen | https://www.cert.at/de/warnungen/2024/7/kritische-sicherheitslucke-in-vmware-esxi-aktiv-ausgenutzt-update-verfugbar...

CVSS 5.3 | AI score 6.7 | EPSS 0.00706
Exploits 0 | References 1
Circl
added 2024/07/30 8:10 a.m., 6 views

CVE-2024-37086

creationtimestamp | type | source
---|---|---
2024-07-30 08:10:29+00:00 | seen | https://www.cert.at/de/warnungen/2024/7/kritische-sicherheitslucke-in-vmware-esxi-aktiv-ausgenutzt-update-verfugbar...

CVSS 6.8 | AI score 7.8 | EPSS 0.0019
Exploits 0 | References 1
The Hacker News
added 2024/07/30 4:20 a.m., 66 views

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration...

CVSS 7.8 | AI score 7.5 | EPSS 0.48973
Exploits 10