13052 matches found

IBM Security Bulletins
added 2024/04/17 4:35 p.m. | 34 views

Security Bulletin: IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource

Summary: IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource. Vulnerability Details: CVEID: CVE-2023-34042. DESCRIPTION: VMware Tanzu Spring Security could allow a local authenticated attacker to bypass security restrictions, caused...

CVSS: 5.5 | AI score: 4.9 | EPSS: 0.00216
Exploits: 0 | Affected Software: 1
BDU FSTEC
added 2024/04/16 12:0 a.m. | 4 views

The vulnerability of the SCSI CD/DVD Device Emulation mode in VMware Fusion and VMware Workstation allows a hacker to execute arbitrary code.

The vulnerability of the SCSI CD/DVD Device Emulation mode in VMware Fusion and VMware Workstation lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00867
Exploits: 0 | References: 4 | Affected Software: 2
BDU FSTEC
added 2024/04/16 12:0 a.m. | 4 views

The vulnerability of the Raw Disk Handler component in VMware Fusion, related to insecure privilege management, allows an attacker to elevate their privileges to the root level.

The vulnerability of the Raw Disk Handler component in VMware Fusion relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to the root level...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00384
Exploits: 0 | References: 4 | Affected Software: 1
OpenVAS
added 2024/04/11 12:0 a.m. | 43 views

VMware Spring Framework < 5.3.34, 6.0.x < 6.0.19, 6.1.x < 6.1.6 SSRF Vulnerability - Windows

The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability.

AI score: 6.6
Exploits: 0 | References: 2
OpenVAS
added 2024/04/11 12:0 a.m. | 31 views

VMware Spring Framework < 5.3.34, 6.0.x < 6.0.19, 6.1.x < 6.1.6 SSRF Vulnerability - Linux

The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability.

CVSS: 8.1 | AI score: 6.6 | EPSS: 0.01191
Exploits: 2 | References: 2
IBM Security Bulletins
added 2024/04/10 9:27 a.m. | 42 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS: 10 | AI score: 9.4 | EPSS: 0.59501
Exploits: 2 | Affected Software: 1
Tenable Nessus
added 2024/04/09 12:0 a.m. | 30 views

SUSE SLED15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2024:1103-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1103-1 advisory. - CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value bsc1220062. -...

CVSS: 8.8 | AI score: 7 | EPSS: 0.01397
Exploits: 1 | References: 17
Positive Technologies
added 2024/04/05 12:0 a.m. | 4 views

PT-2024-12343 · Telegram +1

Name of the Vulnerable Software and Affected Versions: ESXi (affected versions not specified), Telegram (affected versions not specified). Description: The issue is related to the Operation Cronos impact on LockBit, following a landmark disruption. It affects the financial industry, specifically in the...

AI score: 8.6
Exploits: 0 | References: 1
BDU FSTEC
added 2024/04/05 12:0 a.m. | 6 views

A vulnerability in the VMware SD-WAN Orchestrator management platform allows for the redirection of URLs to unreliable websites, enabling a hacker to redirect users to arbitrary URL addresses.

The vulnerability of the VMware SD-WAN Orchestrator management platform lies in the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses...

CVSS: 8.5 | AI score: 7.3 | EPSS: 0.00385
Exploits: 0 | References: 5 | Affected Software: 1
IBM Security Bulletins
added 2024/04/04 6:41 p.m. | 23 views

Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary: IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM Java, OpenSSL, and libcurl. The flaws can lead to denial of service, bypass security restrictions, confidentiality impact, integrity impact, availability impact, and sensitive...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.03658
Exploits: 1 | Affected Software: 1
BDU FSTEC
added 2024/04/04 12:0 a.m. | 5 views

The vulnerability in the set of VMware Tools relates to improper privilege assignment, allowing a malicious actor to circumvent existing security restrictions.

The vulnerability of the VMware Tools set is related to the vulnerability of handling the file descriptor in the vmware-user-suid-wrapper layer. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

CVSS: 7 | AI score: 6.5 | EPSS: 0.00402
Exploits: 0 | References: 7 | Affected Software: 4
Redos
added 2024/04/03 12:0 a.m. | 6 views

ROS-20240402-19

A vulnerability in the VMware Tools suite for Windows operating systems is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges. VMware Tools s utility suite vulnerability is relate...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00667
Exploits: 0
BDU FSTEC
added 2024/04/03 12:0 a.m. | 5 views

The vulnerability of the user interface of the Edge Router microprogramming software for devices in the VMware SD-WAN Edge and VMware SD-WAN Orchestrator software platform for managing programmatically configurable networks allows a perpetrator to execute arbitrary commands.

The vulnerability of the Edge Router user interface of microprogramming software in VMware SD-WAN Edge and the VMware SD-WAN Orchestrator platform for managing programmatically configurable networks is related to the failure to eliminate special elements used in operating systems commands...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.00411
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2024/04/02 4:15 p.m. | 19 views

CVE-2024-22248

VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00385
Exploits: 0 | References: 1
NVD
added 2024/04/02 4:15 p.m. | 15 views

CVE-2024-22246

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router...

CVSS: 7.4 | AI score: 7.8 | EPSS: 0.00411
Exploits: 0 | References: 1
NVD
added 2024/04/02 4:15 p.m. | 13 views

CVE-2024-22247

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...

CVSS: 4.8 | AI score: 5 | EPSS: 0.00215
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/02 3:51 p.m. | 13 views

CVE-2024-22248

VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00385
Exploits: 0 | References: 1
CVE
added 2024/04/02 3:51 p.m. | 75 views

CVE-2024-22248

CVE-2024-22248 : VMware SD-WAN Orchestrator has an open redirect vulnerability caused by improper path handling, enabling a victim redirect to an attacker-controlled domain and leading to potential information disclosure. The CVSSv3.1 base score is 7.1 (HIGH) with NETWORK attack vector, LOW integ...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.00385
Exploits: 0 | References: 1
Cvelist
added 2024/04/02 3:51 p.m. | 17 views

CVE-2024-22248

VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00385
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/02 3:49 p.m. | 11 views

CVE-2024-22247

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...

CVSS: 4.8 | AI score: 6.8 | EPSS: 0.00215
Exploits: 0 | References: 1