13053 matches found
CVE-2024-21840
CVE-2024-21840 concerns the Hitachi Storage Plug‑in for VMware vCenter. Affected versions are 04.0.0 through 04.9.2. The issue is an "Incorrect Default Permissions" vulnerability that enables local users to read and write specific files. The primary root cause is misconfigured default permissions...
CVE-2024-21840 Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...
Hitachi Storage Plug-in for VMware vCenter Security Vulnerability
Hitachi Storage Plug-in for VMware vCenter is a plug-in from Hitachi, Japan. It allows integrated management of Hitachi storage systems in vCenter. A security vulnerability exists in Hitachi Storage Plug-in versions 04.0.0 through 04.9.2, which stems from incorrect default permissions...
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Golang GO and VMware Tanzu Spring Framework
Summary: Vulnerabilities in Golang Go and VMware Tanzu Spring Framework were remediated in IBM Observability with Instana build 261. Vulnerability Details: CVEID: CVE-2023-29405 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when running...
RHEL 8 : open-vm-tools (RHSA-2023:7264)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7264 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
Support for machine profile in VMware
This article describes the Support for machine profile feature in VMware environments...
VMware vCenter Server Out-of-Bounds Write Vulnerability
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution...
VMware Spring Framework 6.0.15 / 6.1.2 DoS Vulnerability
The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Boot 3.1.7 / 3.2.1 DoS Vulnerability
VMware Spring Boot is prone to a denial of service (DoS) vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing...
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023...
VMware Aria Automation Access Control Vulnerability (VMSA-2024-0001)
The VMware Aria Automation application running on the remote host is prior to 8.11.0 Build 30127, 8.12.0 Build 31368, 8.13.0 Build 32385, 8.14.1 Build 33501, or 8.16.0. It is, therefore, affected by a missing access control vulnerability. An authenticated malicious actor may exploit this...
VMware Releases Security Advisory for Aria Automation
VMware released a security advisory to address a vulnerability (CVE-2023-34063) in Aria Automation. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2024-0001...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2023-34058 DESCRIPTION: VMware Tools could allow a remote attacker to gain elevate...
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!
Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated low privileged remote code...
The vulnerability of VMware Cloud Foundation (previously Aria Automation) and the VMware Aria Automation automation software (previously vRealize Automation) lies in their lack of access control mechanisms. This allows a malicious individual to gain full access to these automation tools.
The vulnerability of the VMware Cloud Foundation virtualization platform (previously Aria Automation) and the VMware Aria Automation automation software (previously vRealize Automation) is related to lack of access control. Exploiting this vulnerability can allow a malicious actor to gain full access...
SUSE-SU-2024:0111-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: Security fixes: - CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582) - CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access (bsc#1218583) -...
SUSE-SU-2024:0109-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: Security fixes: - CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582) - CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access (bsc#1218583) -...