Lucene search
K

13053 matches found

The Hacker News
The Hacker News
added 2024/02/08 5:10 a.m.100 views

Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 CVSS score:...

10CVSS9.6AI score0.78375EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/02/08 12:0 a.m.59 views

VMWare Aria Operations for Networks 6.x < 6.12 Multiple Vulnerabilities (VMSA-2024-0002)

According to its self-reported version, the instance of VMWare Aria Operations for Networks running on the remote web server is 6.x 6.12.0.1706185032. It is, therefore, affected by multiple vulnerabilities: - Aria Operations for Networks contains a local privilege escalation vulnerability. A...

7.8CVSS5.9AI score0.37849EPSS
Exploits0References8
CISA
CISA
added 2024/02/07 12:0 p.m.3 views

VMware Releases Security Advisory for Aria Operations for Networks

VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware security advisory...

7.6AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/07 10:44 a.m.32 views

Security Bulletin: IBM Sterling Control Center vulnerable to denial of service due to Spring Boot and remote code execution due to Spring Framework

Summary IBM Sterling Control Center containerized image uses VMWare Tanzu Spring Boot and Pivotal Spring Framework. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20883 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial...

9.8CVSS9.2AI score0.32257EPSS
Exploits4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/07 12:0 a.m.4 views

The vulnerability of the network and application monitoring tool in VMware Aria Operations for Networks, due to deficiencies in access control, allows a malicious actor to elevate their privileges to the root user level.

The vulnerability of the network and application monitoring tool in VMware Aria Operations for Networks is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to elevate their privileges to the level of a root user...

7.8CVSS7.4AI score0.00246EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.5 views

VMware Aria Operations Cross-Site Scripting Vulnerability

VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations for Networks. An attacker could exploit this vulnerability to perform...

6.4CVSS6.1AI score0.00498EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.8 views

VMware Aria Operations Security Vulnerability

VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid, and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations. An attacker could exploit the vulnerability to escalate privileges...

7.8CVSS7AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.12 views

VMware Aria Operations Security Vulnerability

VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations for Networks. An attacker could exploit the vulnerability to escalate...

7.8CVSS7AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.4 views

PT-2024-1682 · Vmware · Vmware Aria Operations For Networks

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Networks affected versions not specified Description: The issue is related to a local file read vulnerability in VMware Aria Operations for Networks. This vulnerability can be exploited by a malicious actor with adm...

6.1CVSS4.7AI score0.00615EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.9 views

VMware Aria Operations Security Vulnerability

VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations for Networks. An attacker could exploit the vulnerability to access sensitive...

4.9CVSS6.6AI score0.00615EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.4 views

The vulnerability of the Hitachi Storage Plug-in for VMware vCenter, related to the incorrect use of standard permissions, allows a malicious actor to read and update arbitrary data.

The vulnerability of the Hitachi Storage Plug-in for VMware vCenter is related to the incorrect use of standard permissions. Exploiting this vulnerability allows an attacker to read and update arbitrary data...

7.9CVSS7.3AI score0.00142EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 3:9 p.m.17 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 265. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit...

7.5CVSS8.5AI score0.01707EPSS
Exploits3Affected Software1
VMware
VMware
added 2024/02/04 12:0 a.m.77 views

VMSA-2024-0002:VMware Aria Operations for Networks (Formerly vRealize Network Insight) updates address multiple vulnerabilities

Advisory ID: VMSA-2024-0002 CVSSv3 Range: 4.3 - 7.8 Issue Date:2024-02-06 Updated On: 2024-02-06 Initial Advisory CVEs: CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241 Synopsis: VMware Aria Operations for Networks Formerly vRealize Network Insight updates address...

7.8CVSS6.3AI score0.37849EPSS
Exploits0References20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 10:29 p.m.31 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in VMware Tanzu Spring Boot

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of VMware Tanzu Spring Boot . Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or...

7.1CVSS6.5AI score0.01219EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 1:40 p.m.21 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-20883]

Summary Potential VMware Tanzu Spring Boot denial of service, vulnerability caused by a flaw when Spring MVC is used together with a reverse proxy cache have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details fo...

7.5CVSS8.2AI score0.00904EPSS
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/31 6:25 a.m.1 views

File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Overview A File and Directory Permissions Vulnerability exists in Hitachi Storage Plug-in for VMware vCenter. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Impact Regarding the impact of the vulnerability, please refer to the vendor...

7.9CVSS6.8AI score0.00142EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 4:12 a.m.52 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

9.8CVSS10AI score0.04322EPSS
Exploits4Affected Software1
OSV
OSV
added 2024/01/30 3:15 a.m.1 views

CVE-2024-21840

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...

7.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2024/01/30 3:15 a.m.17 views

CVE-2024-21840

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...

7.9CVSS7.7AI score0.00142EPSS
Exploits0References1
Prion
Prion
added 2024/01/30 3:15 a.m.11 views

Design/Logic Flaw

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...

3.2CVSS7.1AI score0.00142EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder