13052 matches found
VMSA-2024-0004:VMware Aria Operations updates address local privilege escalation vulnerability (CVE-2024-22235)
Advisory ID: | VMSA-2024-0004 ---|--- Advisory Severity: | Moderate CVSSv3 Range: | 6.7 Synopsis: | VMware Aria Operations updates address local privilege escalation vulnerability. CVE-2024-22235 Issue date: | 2024-02-20 Updated on: | 2024-02-20 Initial Advisory CVEs | CVE-2024-22235 1. Impacted...
VMSA-2024-0006:VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
Advisory ID: | VMSA-2024-0006.1 ---|--- Advisory Severity: | Critical CVSSv3 Range: | 7.1-9.3 Synopsis: | VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 Issue date: | 2024-03-05 Updated on: |...
PT-2024-19296 · Vmware · Vmware Avi Load Balancer
Name of the Vulnerable Software and Affected Versions: VMware Avi Load Balancer affected versions not specified Description: The issue concerns an information disclosure problem where a malicious actor with access to the system logs can view cloud connection credentials in plaintext...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization...
VMSA-2024-0003:Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)
Advisory ID: | VMSA-2024-0003 ---|--- CVSSv3 Range: | 9.6 - 7.8 Issue Date: | 2024-02-20 Updated On: | 2024-02-20 Initial Advisory CVEs: | CVE-2024-22245, CVE-2024-22250 Synopsis: | Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
Vmware vRealize Network Insight Command Injection
Vmware vRealize Network Insight version 6.2 6.10 are vulnerable to a Command Injection vulnerability. A remote unauthenticated attacker can perform remote code execution via a specially crafted request. No source data...
K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...
CVAD - Constant grey screen when launching ICA session to VDA 2311 on Windows Server 2022 on Vmware
After upgrading to VDA 2311, users may experience a grey screen when launching an ICA session to Windows 2022 Server running VDA 2311. This problem was not seen when customer was running VDA 2308. Users are also able to launch the session successfully when using manually created ICA file with the...
CVE-2023-52648
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
UBUNTU-CVE-2023-52648
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
Exploit for Code Injection in Vmware Spring_Framework
SpringFrameworkCVE-2022-22965RCE SpringFramework 远程代码执行漏洞CVE...
VMware RabbitMQ Installed (Windows)
Binary data vmwarerabbitmqwininstalled.nbin...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22243]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability when using UriComponentsBuilder to parse an externally provided URL CVE-2024-22243. VMware Tanzu Spring Framework is...
Exploit for Deserialization of Untrusted Data in Vmware Spring_For_Apache_Kafka
CVE-2023-34040 This PoC is cloned...
VulnCheck KEV: CVE-2024-37085
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group 'ESXi Admins' by default...
MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment NERVE...
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 271 Vulnerability Details CVEID:CVE-2024-22259 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability i...