13053 matches found

CVE
added 2024/01/30 2:8 a.m. | 46 views

CVE-2024-21840

CVE-2024-21840 concerns the Hitachi Storage Plug‑in for VMware vCenter. Affected versions are 04.0.0 through 04.9.2. The issue is an "Incorrect Default Permissions" vulnerability that enables local users to read and write specific files. The primary root cause is misconfigured default permissions...

7.9 CVSS | 6.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/01/30 2:8 a.m. | 23 views

CVE-2024-21840 Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...

7.9 CVSS | 7.9 AI score | 0.00142 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/01/30 2:8 a.m. | 15 views

CVE-2024-21840 Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...

7.9 CVSS | 6.9 AI score | 0.00142 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/01/30 12:0 a.m. | 2 views

Hitachi Storage Plug-in for VMware vCenter Security Vulnerability

Hitachi Storage Plug-in for VMware vCenter is a plug-in from Hitachi, Japan. It allows integrated management of Hitachi storage systems in vCenter. A security vulnerability exists in Hitachi Storage Plug-in versions 04.0.0 through 04.9.2, which stems from incorrect default permissions...

7.9 CVSS | 6.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2024/01/29 7:2 a.m. | 33 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Golang GO and VMware Tanzu Spring Framework

Summary: Vulnerabilities in Golang Go and VMware Tanzu Spring Framework were remediated in IBM Observability with Instana build 261. Vulnerability Details: CVEID: CVE-2023-29405 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when running...

9.8 CVSS | 9.5 AI score | 0.03514 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2024/01/26 12:0 a.m. | 36 views

RHEL 8 : open-vm-tools (RHSA-2023:7264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7264 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

7.5 CVSS | 6.7 AI score | 0.00667 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2024/01/25 11:4 a.m. | 5 views

kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8 CVSS | 6.7 AI score | 0.00282 EPSS
Exploits: 0 | References: 4

Citrix
added 2024/01/22 12:0 a.m. | 6 views

Support for machine profile in VMware

This article describes the Support for machine profile feature in VMware environments...

7.1 AI score
Exploits: 0

CISA KEV Catalog
added 2024/01/22 12:0 a.m. | 71 views

VMware vCenter Server Out-of-Bounds Write Vulnerability

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution...

9.8 CVSS | 8.1 AI score | 0.99428 EPSS
In wild | Exploits: 1

OpenVAS
added 2024/01/22 12:0 a.m. | 17 views

VMware Spring Framework 6.0.15 / 6.1.2 DoS Vulnerability

The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS | 7.5 AI score | 0.01048 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2024/01/22 12:0 a.m. | 54 views

VMware Spring Boot 3.1.7 / 3.2.1 DoS Vulnerability

VMware Spring Boot is prone to a denial of service (DoS) vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.5 CVSS | 7.4 AI score | 0.01048 EPSS
Exploits: 0 | References: 3

The Hacker News
added 2024/01/20 10:23 a.m. | 103 views

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing...

9.8 CVSS | 6.2 AI score | 0.99428 EPSS
Exploits: 1

Rapid7 Blog
added 2024/01/19 3:40 p.m. | 82 views

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023...

10 CVSS | 10 AI score | 0.99999 EPSS
Exploits: 121

Tenable Nessus
added 2024/01/19 12:0 a.m. | 45 views

VMware Aria Automation Access Control Vulnerability (VMSA-2024-0001)

The VMware Aria Automation application running on the remote host is prior to 8.11.0 Build 30127, 8.12.0 Build 31368, 8.13.0 Build 32385, 8.14.1 Build 33501, or 8.16.0. It is, therefore, affected by a missing access control vulnerability. An authenticated malicious actor may exploit this...

9.9 CVSS | 8.6 AI score | 0.00949 EPSS
Exploits: 0 | References: 2

CISA
added 2024/01/17 12:0 p.m. | 13 views

VMware Releases Security Advisory for Aria Automation

VMware released a security advisory to address a vulnerability (CVE-2023-34063) in Aria Automation. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2024-0001...

9.9 CVSS | 7 AI score | 0.00949 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/01/17 9:46 a.m. | 35 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2023-34058 DESCRIPTION: VMware Tools could allow a remote attacker to gain elevate...

9.8 CVSS | 8.9 AI score | 0.80819 EPSS
Exploits: 16 | Affected Software: 1

The Hacker News
added 2024/01/17 4:14 a.m. | 131 views

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated low privileged remote code...

10 CVSS | 8.8 AI score | 0.99999 EPSS
Exploits: 62

BDU FSTEC
added 2024/01/17 12:0 a.m. | 6 views

The vulnerability of VMware Cloud Foundation (previously Aria Automation) and the VMware Aria Automation automation software (previously vRealize Automation) lies in their lack of access control mechanisms. This allows a malicious individual to gain full access to these automation tools.

The vulnerability of the VMware Cloud Foundation virtualization platform (previously Aria Automation) and the VMware Aria Automation automation software (previously vRealize Automation) is related to lack of access control. Exploiting this vulnerability can allow a malicious actor to gain full access...

9.9 CVSS | 8 AI score | 0.00949 EPSS
Exploits: 0 | References: 5

OSV
added 2024/01/16 12:28 p.m. | 7 views

SUSE-SU-2024:0111-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: Security fixes: - CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer bsc1218582 - CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access bsc1218583 -...

9.8 CVSS | 9.1 AI score | 0.02106 EPSS
Exploits: 0 | References: 11

OSV
added 2024/01/16 12:28 p.m. | 8 views

SUSE-SU-2024:0109-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: Security fixes: - CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer bsc1218582 - CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access bsc1218583 -...

9.8 CVSS | 9.1 AI score | 0.02106 EPSS
Exploits: 0 | References: 11