CVE-2024-38329

CVE-2024-38329 affects IBM Storage Protect for Virtual Environments: Data Protection for VMware, versions 8.1.0.0–8.1.22.0. The root cause is improper validation of user permissions, allowing a remote authenticated attacker to bypass restrictions and change settings, trigger or restore backups, a...

PT-2024-7163 · Vmware · Vmware Nsx

Name of the Vulnerable Software and Affected Versions: VMware NSX affected versions not specified Description: The issue is related to a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker-controlled domain, leading to...

VMware vCenter Server 7.0 < 7.0U3r / 8.0 < 8.0U2d Multiple Vulnerabilities (VMSA-2024-0012)

The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3r, or 8.0 prior to 8.0U2d. It is, therefore, affected by a partial information disclosure vulnerability as referenced in the VMSA-2024-0012 advisory: - The vCenter Server contains multiple heap-overflow...

CVE-2024-37079

creationtimestamp| type| source ---|---|--- 2024-06-18 10:35:10+00:00| seen| Telegram/obSPr9PV0DaqSLTggJciA2CpsnkCDUqehnwTxKSd-hA48 2024-06-18 10:56:22+00:00| seen| https://t.me/thehackernews/5132 2024-06-18 11:00:18+00:00| seen| https://t.me/KomunitiSiber/2122 2024-06-18 11:45:57+00:00| seen|...

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 CVSS scores: 9.8 -...

VMware vCenter Server Security Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

VMSA-2024-0012:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)

Advisory ID: | VMSA-2024-0012.1 ---|--- Severity: | Critical CVSSv3 Range: | 7.8-9.8 Synopsis: | VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 Issue date: | 2024-06-17 Updated on: | 2026-01-23 CVEs |...

VMware vCenter Server Security Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

PT-2024-4164

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions prior to 8.0U2d, 8.0U1e, and 7.0U3r Description VMware vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. This out-of-bounds write flaw allows a malicious actor wi...

PT-2024-4328

Name of the Vulnerable Software and Affected Versions VMware vCenter Server affected versions not specified Description The vCenter Server has multiple local privilege escalation issues stemming from a misconfiguration of sudo. An authenticated local user with non-administrative privileges can...

PT-2024-4293

Name of the Vulnerable Software and Affected Versions VMware vCenter Server affected versions not specified Description The software contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to the server may trigger this...

VulnCheck KEV: CVE-2022-22948

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a perpetrator to execute arbitrary code.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, arises due to a buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted network packet remotely...

VMware Fusion Out-of-bounds read Vulnerability (VMSA-2024-0005) - Mac OS X

VMware Fusion is prone to an out of bounds read vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:fusion";...

VMware Workstation Out-of-bounds read Vulnerability (VMSA-2024-0005) - Windows

VMware Workstation is prone to an out of bounds read vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Workstation Out-of-bounds read Vulnerability (VMSA-2024-0005) - Linux

VMware Workstation is prone to an out of bounds read vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

USN-6817-3 linux-azure, linux-gke vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...

USN-6817-3: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...

Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-22201...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereferenc...