
13052 matches found

VMware
added 2024/05/08 12:0 a.m., 43 views

VMSA-2024-0004: VMware Aria Operations updates address local privilege escalation vulnerability (CVE-2024-22235)

Advisory ID: VMSA-2024-0004; Advisory Severity: Moderate; CVSSv3 Range: 6.7; Synopsis: VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235); Issue date: 2024-02-20; Updated on: 2024-02-20 (Initial Advisory); CVEs: CVE-2024-22235. 1. Impacted...

CVSS 6.7, AI score 7, EPSS 0.00194
Exploits 0, References 13, Affected Software 2

VMware
added 2024/05/08 12:0 a.m., 173 views

VMSA-2024-0006: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)

Advisory ID: VMSA-2024-0006.1; Advisory Severity: Critical; CVSSv3 Range: 7.1-9.3; Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255); Issue date: 2024-03-05; Updated on: ...

CVSS 9.3, AI score 9, EPSS 0.03542
Exploits 0, References 49, Affected Software 4

Positive Technologies
added 2024/05/08 12:0 a.m., 6 views

PT-2024-19296 · Vmware · Vmware Avi Load Balancer

Name of the Vulnerable Software and Affected Versions: VMware Avi Load Balancer affected versions not specified Description: The issue concerns an information disclosure problem where a malicious actor with access to the system logs can view cloud connection credentials in plaintext...

CVSS 6.8, AI score 6.8, EPSS 0.00399
Exploits 0, References 6

IBM Security Bulletins
added 2024/05/07 7:54 p.m., 57 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details: CVEID: CVE-2021-28170. DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

CVSS 7.3, AI score 7.4, EPSS 0.7795
Exploits 3, Affected Software 1

The Hacker News
added 2024/05/07 12:55 p.m., 23 views

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization...

AI score 8.3, EPSS 0.99999
Exploits 23

VMware
added 2024/05/07 12:0 a.m., 31 views

VMSA-2024-0003: Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)

Advisory ID: VMSA-2024-0003; CVSSv3 Range: 9.6 - 7.8; Issue Date: 2024-02-20; Updated On: 2024-02-20 (Initial Advisory); CVEs: CVE-2024-22245, CVE-2024-22250; Synopsis: Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced...

CVSS 9.6, AI score 8.8, EPSS 0.01262
Exploits 0, References 17, Affected Software 1

IBM Security Bulletins
added 2024/05/06 4:53 p.m., 47 views

Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-22262. DESCRIPTION: VMware Tanzu Spring Framewo...

CVSS 9.8, AI score 8.8, EPSS 0.32257
Exploits 6, Affected Software 1

Tenable Nessus
added 2024/05/06 12:0 a.m., 14 views

Vmware vRealize Network Insight Command Injection

Vmware vRealize Network Insight version 6.2 6.10 are vulnerable to a Command Injection vulnerability. A remote unauthenticated attacker can perform remote code execution via a specially crafted request. No source data...

CVSS 9.8, AI score 8.5, EPSS 0.98243
Exploits 7, References 4

F5 Networks
added 2024/05/02 11:29 a.m., 35 views

K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250

Security Advisory Description: CVE-2024-22245: Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...

CVSS 9.6, AI score 8.6, EPSS 0.01262
Exploits 0

Citrix
added 2024/05/02 12:0 a.m., 7 views

CVAD - Constant grey screen when launching ICA session to VDA 2311 on Windows Server 2022 on Vmware

After upgrading to VDA 2311, users may experience a grey screen when launching an ICA session to Windows 2022 Server running VDA 2311. This problem was not seen when customer was running VDA 2308. Users are also able to launch the session successfully when using manually created ICA file with the...

AI score 7
Exploits 0

RedhatCVE
added 2024/05/01 10:23 p.m., 24 views

CVE-2023-52648

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state. Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

CVSS 5.5, AI score 7.1, EPSS 0.00225
Exploits 0, References 4

OSV
added 2024/05/01 6:15 a.m., 2 views

UBUNTU-CVE-2023-52648

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state. Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

CVSS 5.5, AI score 6.1, EPSS 0.00225
Exploits 0, References 12

GithubExploit
added 2024/05/01 2:36 a.m., 374 views

Exploit for Code Injection in Vmware Spring_Framework

SpringFrameworkCVE-2022-22965RCE SpringFramework remote code execution vulnerability CVE...

CVSS 9.8, AI score 8.9, EPSS 0.99677
Exploits 100

Tenable Nessus
added 2024/04/29 12:0 a.m., 7 views

VMware RabbitMQ Installed (Windows)

Binary data vmwarerabbitmqwininstalled.nbin...

AI score 7.3
Exploits 0, References 1

IBM Security Bulletins
added 2024/04/25 6:19 p.m., 28 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22243]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability when using UriComponentsBuilder to parse an externally provided URL (CVE-2024-22243). VMware Tanzu Spring Framework is...

CVSS 8.1, AI score 7.7, EPSS 0.03967
Exploits 1, Affected Software 1

GithubExploit
added 2024/04/24 3:54 a.m., 509 views

Exploit for Deserialization of Untrusted Data in Vmware Spring_For_Apache_Kafka

CVE-2023-34040 This PoC is cloned...

CVSS 7.8, AI score 7.8, EPSS 0.02162
Exploits 2

VulnCheck KEV
added 2024/04/23 12:0 a.m., 4 views

VulnCheck KEV: CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default)...

CVSS 7.2, AI score 7.4, EPSS 0.2677
Exploits 0, References 1

The Hacker News
added 2024/04/22 11:5 a.m., 64 views

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE)...

CVSS 9.1, AI score 9.7, EPSS 0.99999
Exploits 23

The Hacker News
added 2024/04/19 11:1 a.m., 59 views

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities...

CVSS 9.1, AI score 8.2, EPSS 0.71789
Exploits 0

IBM Security Bulletins
added 2024/04/18 1:43 p.m., 44 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 271. Vulnerability Details: CVEID: CVE-2024-22259. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability i...

CVSS 8.1, AI score 7.3, EPSS 0.03967
Exploits 2, Affected Software 1