13052 matches found
Security Bulletin: IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource
Summary: IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource. Vulnerability Details: CVEID: CVE-2023-34042. DESCRIPTION: VMware Tanzu Spring Security could allow a local authenticated attacker to bypass security restrictions, caused...
The vulnerability of the SCSI CD/DVD Device Emulation mode in VMware Fusion and VMware Workstation allows a hacker to execute arbitrary code.
The vulnerability of the SCSI CD/DVD Device Emulation mode in VMware Fusion and VMware Workstation lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Raw Disk Handler component in VMware Fusion, related to insecure privilege management, allows an attacker to elevate their privileges to the root level.
The vulnerability of the Raw Disk Handler component in VMware Fusion relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to the root level...
VMware Spring Framework < 5.3.34, 6.0.x < 6.0.19, 6.1.x < 6.1.6 SSRF Vulnerability - Windows
The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework < 5.3.34, 6.0.x < 6.0.19, 6.1.x < 6.1.6 SSRF Vulnerability - Linux
The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
SUSE SLED15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2024:1103-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1103-1 advisory. - CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062). -...
PT-2024-12343 · Telegram +1
Name of the Vulnerable Software and Affected Versions: ESXi (affected versions not specified), Telegram (affected versions not specified). Description: The issue is related to the Operation Cronos impact on LockBit, following a landmark disruption. It affects the financial industry, specifically in the...
A vulnerability in the VMware SD-WAN Orchestrator management platform involves URL redirection to untrusted websites, allowing an attacker to redirect users to arbitrary URLs.
The vulnerability in the VMware SD-WAN Orchestrator management platform lies in URL redirection to untrusted websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URLs...
Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary: IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM Java, OpenSSL, and libcurl. The flaws can lead to denial of service, bypass security restrictions, confidentiality impact, integrity impact, availability impact, and sensitive...
The vulnerability in the VMware Tools suite relates to improper privilege assignment, allowing a malicious actor to circumvent existing security restrictions.
The vulnerability in the VMware Tools suite is related to the handling of the file descriptor in the vmware-user-suid-wrapper layer. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
ROS-20240402-19
A vulnerability in the VMware Tools suite for Windows operating systems is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges. VMware Tools utility suite vulnerability is relate...
The vulnerability in the Edge Router user interface of the firmware for VMware SD-WAN Edge devices and the VMware SD-WAN Orchestrator platform for managing software-defined networks allows an attacker to execute arbitrary commands.
The vulnerability in the Edge Router user interface of the firmware in VMware SD-WAN Edge and the VMware SD-WAN Orchestrator platform for managing software-defined networks is related to the failure to neutralize special elements used in operating system commands...
CVE-2024-22248
VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...
CVE-2024-22246
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router...
CVE-2024-22247
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...
CVE-2024-22248
CVE-2024-22248: VMware SD-WAN Orchestrator has an open redirect vulnerability caused by improper path handling, enabling a victim to be redirected to an attacker-controlled domain and leading to potential information disclosure. The CVSSv3.1 base score is 7.1 (HIGH) with NETWORK attack vector, LOW integ...