13053 matches found
EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2887)
According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands whe...
PT-2024-1101 · Vmware · Vmware Cloud Foundation +1
Name of the Vulnerable Software and Affected Versions: VMware Aria Automation formerly vRealize Automation versions prior to the fixed version VMware Cloud Foundation formerly Aria Automation versions prior to the fixed version Description: The issue is related to a Missing Access Control...
VMware Aria Automation and VMware Cloud Foundation Security Vulnerabilities
VMware Cloud Foundation and VMware Aria Automation are both products of VMware, Inc. VMware Cloud Foundation is an all-in-one hybrid cloud platform. VMware Cloud Foundation is an all-in-one hybrid cloud platform that includes operations automation, infrastructure auto-configuration, and integrate...
VMSA-2024-0001:VMware Aria Automation (formerly vRealize Automation) updates address a Missing Access Control vulnerability
Advisory ID: VMSA-2024-0001 CVSSv3 Range: 9.9 Issue Date:2024-01-16 Updated On: 2024-01-16 Initial Advisory CVEs: CVE-2023-34063 Synopsis: VMware Aria Automation formerly vRealize Automation updates address a Missing Access Control vulnerability CVE-2023-34063 RSS Feed Download PDF Download Text...
open security update
CentOS Errata and Security Advisory CESA-2023:7279 An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Rocky Linux 8 : kernel-rt (RLSA-2024:0134)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0134 advisory. - A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative...
kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
Security Bulletin: Vulnerabilities in VMware affect IBM Cloud Pak System [CVE-2023-34048, CVE-2023-34056]
Summary Vulnerabilities in VMware vCenter affect IBM Cloud Pak System. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34048 DESCRIPTION: VMware vCenter Server and Cloud Foundation could allow a remote attacker to execute arbitrary cod...
USN-6572-1 linux-azure vulnerabilities
Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Bien Pham discovered that the netfiler subsystem in the Linux...
Ubuntu 23.10 : Linux kernel (Azure) vulnerabilities (USN-6572-1)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6572-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged...
Ubuntu: Security Advisory (USN-6567-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6567-1 qemu vulnerabilities
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...
USN-6567-1: QEMU vulnerabilities
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in several DB2 products such as DB2, DB2 for Cloud Pak and Web Query for i. A malicious party could exploit the exploit the vulnerabilities to grant himself locally elevated privileges assigned arbitrary code and thus execute arbitrary code with potentially privilege...
K000138114: open-vm-tools vulnerability CVE-2023-34058
Security Advisory Description VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https : //docs . vmware . com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtu...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
开源工具 SpringBoot-Scan 的GUI图形化版本,对你有用的话麻烦点个Star哈哈 注意:本工具内置相关漏洞的Exp,杀软报毒属于正常现象! 新版本工具使用 python3 main.py VulHub 漏洞测试环境搭建 git clone https://github.com/vulhub/vulhub.git 安装Docker环境 sudo apt-get install docker.io sudo apt install docker-compose 搭建CVE-2022-22965 cd /vulhub/CVE-2022-22965 sudo...
Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042)
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-39975 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by a double free in KDC TGS processing. By sending a specially crafted request, a remote authenticated attacke...
VMware vRealize Network Insight (vRNI) Multiple Vulnerabilities (VMSA-2022-0031)
According to its self-reported version, the instance of VMware vRealize Network Insight running on the remote web server is affected by multiple vulnerabilities: - vRealize Network Insight vRNI contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network...
vmware-ebook.com Improper Access Control vulnerability OBB-3815416
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...