12987 matches found
Photon OS 5.0: Kafka PHSA-2026-5.0-0855
An update of the kafka package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0855. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
VMware Workspace ONE Access - Server-Side Template Injection
VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identit...
Spring Cloud Gateway Code Injection
Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...
VMware Spring AI Security Vulnerability
VMware Spring AI is a development framework from VMware that integrates Artificial Intelligence and Large Language Modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.1.0 through 1.1.x. The vulnerability stems from a failure to clean up...
Astra Linux - vulnerability in open-vm-tools
VMware Tools 12.0.0, 11.x.y, and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the guest OS can escalate privileges as a root user in the virtual machine...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fixed a memory leak in vmw_gmrid_man_get_node. When ida_alloc_max fails, resources allocated before should be freed, including those allocated by kmalloc and ttm_resource_init...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers. The kms paths maintain a persistent map that is active for reading and comparing the cursor buffer. These maps can conflict with each other in simple scenarios where: a buffer “a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/vmware: Fixed hypercall clobbering issues. Fedora QA reported the following panic: BUG: Unable to handle a page fault for address: 0000000040003e54 PF: Supervisor write access in kernel mode PF: error_code(0x0002) – Not-prese...
Astra Linux - vulnerability in open-vm-tools
open-vm-tools contains a file descriptor hijacking vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...
Astra Linux - vulnerability in qemu
A flaw was discovered in the QEMU implementation of VMware’s paravirtual RDMA device. This flaw allows a malicious guest driver to allocate and initialize a large number of page tables, which can be used as a ring of descriptors for CQ and async events. This could potentially lead to out-of-bound...
VMware Fusion 25H2 < 26H1 Local Privilege Escalation (VMSA-2026-0003)
The version of VMware Fusion installed on the remote macOS host is 25H2 prior to 26H1. It is, therefore, affected by a vulnerability: VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with loca...
Photon OS 4.0: Curl PHSA-2026-4.0-1020
An update of the curl package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1020. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
Photon OS 4.0: Gstreamer PHSA-2026-4.0-1015
An update of the gstreamer package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1015. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
Photon OS 4.0: Expat PHSA-2026-4.0-1013
An update of the expat package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1013. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
GHSA-QJXF-6753-VC9P vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
GHSA-4GX5-8RX4-VXMJ vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
GHSA-3W37-M4PG-Q585 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
CVE-2026-43104 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
GHSA-QX6Q-MQG9-4PX7 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...