13053 matches found

CNNVD
added 2024/04/02 12:0 a.m. | 5 views

VMware SD-WAN Orchestrator Security Vulnerability

VMware SD-WAN Orchestrator is a software from VMware that is used to orchestrate network data flows in a software-defined network architecture. The software provides web pages to visualize and manage users, gateways, and authentication. A security vulnerability exists in VMware SD-WAN Orchestrato...

7.1 CVSS | 7.3 AI score | 0.00385 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2024/04/02 12:0 a.m. | 12 views

VMware Fusion SEoL (4.0.x)

According to its version, VMware Fusion is 4.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

5.5 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2024/04/02 12:0 a.m. | 11 views

VMware Fusion SEoL (1.0.x)

According to its version, VMware Fusion is 1.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

5.5 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2024/04/02 12:0 a.m. | 12 views

VMware Fusion SEoL (7.0.x)

According to its version, VMware Fusion is 7.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

5.5 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2024/04/02 12:0 a.m. | 12 views

VMware Fusion SEoL (3.0.x)

According to its version, VMware Fusion is 3.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

5.5 AI score
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/03/29 10:45 a.m. | 43 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2023-34053

Summary: There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

7.5 CVSS | 6.7 AI score | 0.0115 EPSS
Exploits: 0 | Affected Software: 1
hivepro
added 2024/03/29 8:25 a.m. | 14 views

Agenda Ransomware Targets VMWare vCenter & ESXi Servers Globally

Summary: Agenda ransomware, also known as Qilin, active since 2022, targets global victims across industries. Their latest tactic leverages a custom script to infect VMWare environments, potentially crippling virtual machines and causing data loss. Organizations should be aware of this threat and...

7.1 AI score
Exploits: 0
IBM Security Bulletins
added 2024/03/27 8:12 p.m. | 50 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0. Vulnerability Details: CVEID: CVE-2023-5764. DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...

9.8 CVSS | 9.2 AI score | 0.04561 EPSS
Exploits: 4 | Affected Software: 1
Trend Micro Simply Security
added 2024/03/26 12:0 a.m. | 37 views

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers...

7.3 AI score
Exploits: 0
Tenable Nessus
added 2024/03/26 12:0 a.m. | 143 views

VMware ESXi 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0016)

The version of VMware ESXi installed on the remote host is prior to 6.7 P07, or 7.x prior to 7.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2022-0016 advisory: - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow a...

5.5 CVSS | 6.5 AI score | 0.06451 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/03/22 12:0 a.m. | 84 views

VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with...

6.5 CVSS | 7.8 AI score | 0.04947 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2024/03/19 5:43 p.m. | 5 views

kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c

An integer overflow was found in the Linux kernel's vmwgfx driver. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, and able to issue an ioctl on the resulting file descriptor to crash the system, causing a denial of service...

6.3 CVSS | 6.7 AI score | 0.00459 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2024/03/19 5:43 p.m. | 3 views

kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context

A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_execbuf_tie_context. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causin...

6.3 CVSS | 6.8 AI score | 0.00485 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2024/03/19 5:43 p.m. | 4 views

kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8 CVSS | 6.9 AI score | 0.00282 EPSS
Exploits: 0 | References: 4
BDU FSTEC
added 2024/03/18 12:0 a.m. | 4 views

The vulnerability of the VMware Enhanced Authentication Plug-in’s authentication module, related to improper session management, allows attackers to escalate their privileges.

The vulnerability of the VMware Enhanced Authentication Plug-in (EAP) is related to improper session management. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8 CVSS | 7.6 AI score | 0.00348 EPSS
Exploits: 0 | References: 3
BDU FSTEC
added 2024/03/18 12:0 a.m. | 3 views

The vulnerability of the VMware Cloud Director platform, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the VMware Cloud Director platform relates to insufficient protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS | 5.5 AI score | 0.00418 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2024/03/18 12:0 a.m. | 4 views

VMware Spring Security Security Vulnerability

VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.2.0 through 6.2.2, 6.1.0 through 6.1.7, 6.0.0 through 6.0.9, 5.8.0 through 5.8.10, and 5.7.0...

8.2 CVSS | 7 AI score | 0.00776 EPSS
Exploits: 0 | References: 8
OpenVAS
added 2024/03/18 12:0 a.m. | 83 views

VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Linux

VMware Spring Boot is prone to a server-side request forgery (SSRF) in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.1 CVSS | 6.5 AI score | 0.02573 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2024/03/18 12:0 a.m. | 61 views

VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Windows

VMware Spring Boot is prone to a server-side request forgery (SSRF) in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.1 CVSS | 6.5 AI score | 0.02573 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2024/03/15 12:0 a.m. | 61 views

VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Linux

The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.1 CVSS | 6.6 AI score | 0.02573 EPSS
Exploits: 1 | References: 2