Photon OS 2.0: Postgresql PHSA-2019-2.0-0167

An update of the postgresql package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0167. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 1.0: Mercurial PHSA-2017-0038

An update of the mercurial package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

USN-6898-3: Linux kernel kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

USN-6898-3 linux-aws, linux-hwe-5.15 vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

The vulnerability of the com.vmware.rvc plugin in the software for managing VMware vCenter Server allows a attacker to disclose sensitive information.

The vulnerability of the com.vmware.rvc plugin in the VMware vCenter Server virtualization infrastructure management software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6898-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6898-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointe...

VMware Aria Automation SQLi Vulnerability (VMSA-2024-0017)

The VMware Aria Automation application running on the remote host is affected by a SQL injection vulnerability due to incorrect input validation which allows for SQL-injection in the product. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote...

ELM won't boot after migrating ELM from VMWare to Nutanix AHV

Migrating ELM from VMWare to Nutanix AHV Hypervisor using the Nutanix Move appliance. After migration the ELM fails to boot entirely and you see the "dracut" prompt on the ELM from the hypervisor console...

USN-6898-2: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

USN-6898-2 linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference XXE Vulnerability CVE-2024-28995 SolarWinds Serv-U Path...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6898-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6898-2 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointe...

VMware vCenter Server Incorrect Default File Permissions Vulnerability

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...

The vulnerability of the VMware Cloud Director Object Storage Extension lies in the insufficient protection of operational data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the VMware Cloud Director Object Storage Extension relates to insufficient protection of operational data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

USN-6896-2: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-6896-2)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6896-2 advisory. It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An...

Attacks, Vulnerabilities and Actors 08 to 14 July 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of five attacks were executed, nine vulnerabilities were uncovered, and two active adversaries were...

USN-6898-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

USN-6898-1 linux, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

cloud-init bug fix update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...