SUSE SLED15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2023:4730-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4730-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. Th...
VMware Spring Framework RCE Vulnerability (Spring4Shell, SpringShell) - Active Check
The VMware Spring Framework is prone to a remote code execution (RCE) vulnerability dubbed...
Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed
Summary: IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2023-46233. DESCRIPTION: Brix crypto-js could...
VMware Workspace ONE Launcher Security Vulnerability
VMware Workspace ONE Launcher is an application from VMware, Inc. that enables organizations across industries to easily lock down or share multi-user Android devices in single or multi-application mode. A security vulnerability exists in VMware Workspace ONE Launcher prior to version 23.11, which ste...
VMware Workspace ONE Launcher updates address privilege escalation vulnerability. (CVE-2023-34064)
3. Privilege Escalation Vulnerability: Workspace ONE Launcher contains a Privilege Escalation Vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3...
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking...
VMware Cloud Director - Bypass identity verification Exploit
CVE-2023-34060 is a vulnerability that allows an attacker to bypass identity verification when logging in on port 22 (ssh) or port 5480 (Device Management Console) of the VMware Cloud Director Appliance. This vulnerability does not exist on port 443 (VCD provider and tenant sign-in)...
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations (vROps) arises from insufficient validation of the authenticity of the queries executed. This allows a perpetrator to carry out a CSRF attack.
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations (vROps) is related to insufficient verification of the authenticity of the queries being executed. Exploiting this vulnerability could allow a malicious actor to perform a CSRF attack remotely...
The vulnerability of VMware Fusion and VMware Workstation, related to insufficient validation of input data, allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of VMware Fusion and VMware Workstation lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
VMware vCenter API Settings
Binary data vmwarevspherevcentersettings.nbin...
CVE-2023-34061 - Gorouter route pruning | Cloud Foundry
Severity: HIGH. Vendor: CloudFoundry Foundation. Versions Affected: Routing Release 0.163.0, CF Deployment 0.28.0. Description: Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning an...
VMware Tools for Linux 10.3.x < 10.3.26 Authentication Bypass (VMSA-2023-0019)
The version of VMware Tools installed on the remote Linux host is 10.3.x prior to 10.3.26. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious attacker with man-in-the-middle network positioning in the virtual machine network can bypass SAML token signature...
VMware Workspace ONE UEM console Open Redirect (VMSA-2023-0025)
The version of Workspace ONE UEM console running on the remote host is 2203 prior to 22.3.0.48, 2206 prior to 22.6.0.36, 2209 prior to 22.9.0.29, 2212 prior to 22.12.0.20 or 2302 prior to 23.2.0.10. It is, therefore, affected by an open redirect vulnerability. A remote attacker can redirect a...
VulnCheck KEV: CVE-2021-21978
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could...
Exploit for Improper Preservation of Permissions in Vmware Spring_Security
cve-2023-34034 Demonstration of CVE-2023-34034 aut...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34042 used in IBM Maximo Application Suite - Monitor Component
Summary: IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34042. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-34042. DESCRIPTION: VMware Tanzu Spring Security could...
VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability
VMware Spring Boot is prone to a denial of service (DoS) vulnerability...
VMware Spring Framework 6.0.0 - 6.0.13 DoS Vulnerability
The VMware Spring Framework is prone to a denial of service (DoS) vulnerability...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Security
Summary: Multiple vulnerabilities in VMware Tanzu Spring Security used by IBM InfoSphere Information Server were addressed. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-34034. DESCRIPTION: VMware Tanzu Spring Security could allow a...
VMWare Tools or Open VM Tools Installed (Linux)
Binary data vmwaretoolsnixinstalled.nbin...